July 6, 2011, 5 p.m.
posted by astropy
A form gathers the information from your visitor and the script processes that information. The script can log the information to a database on the server, send the information via email, or any number of other functions.
In this chapter, since the focus is on creating Web forms, we'll use a very simple PHP script to echo the data back to the visitor when they fill out and submit a form (Figure). I'll also give you a script that you can use to submit a form's contents to your email address (see page 258).
PHP, which is a recursive abbreviation that stands for PHP: Hypertext Preprocessor, is an Open Source scripting language that was written specifically for making Web pages interactive. It is remarkably simple and straightforward. I wrote the scripts for this chapter after having worked with PHP for a very short timethough I was fortunate enough to have a copy of Larry Ullman's excellent PHP for the World Wide Web: Visual QuickStart Guide, Second Edition, which I highly recommend. While it's true that my scripts are not very complicated, that's sort of the point. I was able to get them to do what I needed without having to jump through a lot of hoops.
In addition to being easy to learn, PHP has a number of additional characteristics that make it ideal for processing (X)HTML forms. First of all, PHP is an interpreted or scripting language, which means that it does not need to be compiled first. You write it and off you go. In contrast with Perl scripts, you don't have to make PHP scripts executable or put them in any special place on your server. Indeed, although PHP scripts can be independent text files, they are often written right inside the (X)HTML page itself, making PHP extremely convenient for Web designers.
Finally, because PHP was designed for the Web, it's good at the tasks that Web pages require and coordinates well with (X)HTML. There are hundreds of ready-made built-in functions that you can take advantage of. In this chapter we'll touch briefly on PHP's form processing tools. PHP's official site can be found at http://www.php.net/
5. The script shown in
As always when you're sending information to the server, you need to be very careful with security. Never assume anything about your data. Just because you may have built safeguards into your form doesn't mean the bad guys won't create their own form that calls your script in order to send out millions of spam messages with it. Check your data explicitly and make sure that it is what it should be, with no extra bits lurking about.
Alternatives to PHP
There are many alternatives to PHP for processing forms. CGI scripts written in Perl are one common strategy, as are ASP, VisualBasic, and even AppleScript. You can find more information about Perl in my Perl and CGI for the World Wide Web, Visual QuickStart Guide, Second Edition, also published by Peachpit Press. A few of the examples in this chapter still rely on Perl scripts. You'll find the forms and accompanying scripts in the Examples section of my Web site (see page 26).