Chapter 17. Integrating Web Forms and Databases

Form handling is one of PHP's very best features. The combination of HTML to construct a data-input form, PHP to handle the data, and a database server to store the data lies at the heart of all kinds of supremely useful web tasks.

HTML Forms

You already know most of what you need to make good forms to be handled by PHP and a database. There are a few PHP-specific points to brush up on:

  • You must use extra caution when using any data that comes from a visitor's web browser. It may seem like common sense, but there are still too many PHP programs that don't escape incoming data, whether it arrives from a web form, from the browser directly, or from anywhere else. Never use unfiltered data in a database query.

  • Always, always, always use a NAME for every data entry element (INPUT, SELECT, TEXTAREA, and so on). These NAME attributes will become PHP variable names — you will not be able to access your values if you do not use a NAME attribute for each one. If your WYSIWYG editor doesn't allow you to do this, you'll need to remember to add these NAME attributes by hand.

  • A form field NAME does not need to be the same as the corresponding database field name.

  • The VALUE can be set to data you wish to display in the form.

  • Remember that you can pass hidden variables from form to form (or page), using the HIDDEN data entry elements. This practice has negative security implications, ...
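To make the first point concrete, here is an added example (not code from the book) that puts an unescaped INSERT beside the validated, prepared-statement version. The members table and its columns, the PDO connection details, and the form field NAMEs (name, email, age) are assumptions.

```php
<?php
// Added example: saving one registration form submission with PDO.
// Assumes a MySQL table `members` (name, email, age) and a form whose
// fields carry NAME="name", NAME="email" and NAME="age".

// UNSAFE: submitted values are spliced straight into the SQL text, so a
// quote or operator inside a value changes what the query means.
function insertMemberUnsafe(PDO $db, array $post): bool
{
    $sql = "INSERT INTO members (name, email, age) VALUES ('"
         . $post['name'] . "', '" . $post['email'] . "', " . $post['age'] . ")";
    return $db->exec($sql) !== false;
}

// SAFE: validate every field, then bind it to a placeholder so the server
// receives the value separately from the query text.
function insertMemberSafe(PDO $db, array $post): bool
{
    // Each form field NAME is a key in $_POST; a missing key is invalid input.
    $name  = trim($post['name'] ?? '');
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $age   = filter_var($post['age'] ?? '', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($name === '' || strlen($name) > 100 || $email === false || $age === false) {
        return false;   // reject the submission instead of guessing what was meant
    }
    $stmt = $db->prepare(
        'INSERT INTO members (name, email, age) VALUES (:name, :email, :age)');
    $stmt->bindValue(':name',  $name,  PDO::PARAM_STR);
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->bindValue(':age',   $age,   PDO::PARAM_INT);
    return $stmt->execute();
}

// Connection details are placeholders; ERRMODE_EXCEPTION surfaces failures,
// and disabling emulated prepares keeps parameter binding on the server side.
$db = new PDO('mysql:host=localhost;dbname=example', 'user', 'password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    echo insertMemberSafe($db, $_POST) ? 'Saved.' : 'Invalid input.';
}
```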
