| “We are constantly accelerating upwards and outwards from the Earth. I know, I can feel it.” Anon | |||||||||
 |
 |
||||||||
“a resource for web developers...” |
|||||||||
| “We are constantly accelerating upwards and outwards from the Earth. I know, I can feel it.” Anon | |||||||||
|
|
||||||||
“a resource for web developers...” |
|||||||||
Back to PHP: Intro
Processing form data, validating and writing the form's content to a text file on the server is a common website functionality requirement that can be easily achieved with some basic PHP coding.
We can achieve this with the use of two web pages: one to display the form itself and one PHP web page to do the actual processing.
Scalability Note: The use of a text file to store form data is useful for a small scale website with a limited number of users. If a lot of users are expected to access this facility at the same time then consider using a database instead.
Method:
First create a form to capture input from the user and place within a web page. We will call this page 'feedback.htm', note that as this web page does not need to contain any PHP code it can be a simple .htm web page. Let's write the code for the form:
<!-- Create a simple form to capture user input --> <!-- Place the following XHTML code snippet in a file called 'feedback.htm' --> <form action="feedbackform.php" method="post" name="frmFeedback" id="frmFeedback"> <p>Name:</p> <input type="text" name="name" size="100" /> <br /> <br /> <p>Your email address please:</p> <input type="text" name="email" size="100" /> <br /> <br /> <p>Country:</p> <input type="text" name="country" size="100" /> <br /> <br /> <p>Place your feedback here:</p> <textarea name="body" rows="8" cols="60"></textarea> <br /> <br /> <input type="hidden" name="hidden" value="feedbackEnd" /> <input type="submit" name="submitFeedback" value="Send" /> </form> |
From above we can see that the PHP web page that will do our processing is called 'feedbackform.php'. Let's now concentrate on the PHP code required within that web page to process any input from the above form.
First of all we must check that the user has arrived at this PHP web page after first submitting the above form. If they have not then we must redirect them to another web page of our choice. If they have arrived here after submitting the form then there will be a POST variable called 'hidden' with the content 'feedbackEnd' for us to capture which would have been created by the above form's hidden control. Let's check for that variable and send them back to the web page that contains the form if it does not exist.
Place the following PHP code snippet in the PHP web page to check for the POST variable 'hidden'.
Note: This snippet uses the PHP header() function and as a HTTP header it must be placed at the top of the web page before any other output is sent including any characters, line breaks or white space.
<?php // redirect to feedback.htm if POST variable 'hidden' is NULL if ($_POST['hidden'] == NULL) { header("Location: feedback.htm"); exit; } ?> |
With that done we can now start to process any data contained within the form's other controls. We must assume that the form's content may be hostile to the running of our website and therefore we must validate the input before writing this to the server.
As we are writing the content to a plain text file the only validating we shall do here is to check for the size of the input. We will cut off any content over a certain size. After all we would not want the entire content of the novels of Enid Blyton on our server. This can be done easily by calling the PHP function 'substr()' and setting our parameters to suit. As you can see below, the limit of the size of the control 'body' assigned to the variable '$limitBody' is set to the first 1000 characters.
<?php // limit the size of the input $limitName = substr($_POST['name'], 0, 100); $limitEmail = substr($_POST['email'], 0, 100); $limitCountry = substr($_POST['country'], 0, 100); $limitBody = substr($_POST['body'], 0, 1000); $limitHidden = substr($_POST['hidden'], 0, 11); // more PHP code goes here, see below ?> |
Finally we can now write the content to a plain text file for us to open and view later at our leisure. It is a good idea to place the text file outside the web root, in a directory higher that the directory that contains the website files. This will ensure that the text file we are writing to is not accessible to other users of the website. As you can see below the text file called 'feedback.txt' is inside a folder called 'formdata'.
Security Note: The content of the text file will not be encrypted and the information enroute to the text file across the Internet will not be encrypted. If sensitive data is to be collected and stored then consider using a database coupled with secure data transfer over the Internet such as Secure Sockets Layer (SSL) or its successor Transport Layer Security (TLS) and coupled with Hypertext Transfer Protocol Secure (HTTPS). HTTPS should not be confused with Secure HTTP (S-HTTP), a security-enhanced version of HTTP. Whereas SSL is designed to establish a secure connection between two computers, S-HTTP is designed to send individual messages securely.
<?php // Processing data from website forms // limit the size of the input $limitName = substr($_POST['name'], 0, 100); $limitEmail = substr($_POST['email'], 0, 100); $limitCountry = substr($_POST['country'], 0, 100); $limitBody = substr($_POST['body'], 0, 1000); $limitHidden = substr($_POST['hidden'], 0, 11); // write the validated data to a text file // attach the date to the input $thedate = date("l, j F Y H:i:s"); $filename = "../formdata/feedback.txt"; $newfile = @fopen($filename, "a")or die("Create record file server error. Please try again."); @fwrite($newfile, "$thedate\n$limitName\n$limitEmail\n$limitCountry\n$limitBody\n$limitHidden\n\n")or die("Oops!"); fclose($newfile); ?> |
Do not be too concerned with the details of the above code, but hopefully some of the above is self explanatory on a basic level.
We have simply written the form's content to a text file will that will be created if it does not already exist. Any new data will be appended to the end of any existing data in the file.
We have also added the date and time in the format: 'Monday, 17 March 2008 20:17:13' and some line formatting to add clarity when the file is opened is a word processing application that understands the line break character '\n'.
You can also add a simple message in XHTML markup to this web page thanking the user for their contribution to your website.
Copyright © 2006-2012 justfigures.co.uk