start learning
Image 1

Input types

In PHP, "input" generally refers to data that a user or another system provides to a PHP script. This input can come from various sources, such as user-submitted forms, query parameters in a URL, or data received through API requests. Handling input correctly is crucial for the security and functionality of a PHP application.


HTML Forms and Input Types


// Assuming a form with a 'username' input field
$username = $_POST['username'];

In this example, the form will send the data to a PHP script called process.php when the user clicks the "Submit" button.


Validation and Sanitization

  • Validating an email address:
  • 
    $email = $_POST['email'];
    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // Email is valid
    } else {
        // Invalid email
    }
    
    
    $input = $_POST['user_input'];
    $sanitized_input = mysqli_real_escape_string($db_connection, $input);
    

    Data Type Conversion

    
    $user_age = $_POST['age'];
    $user_age = (int)$user_age; // Convert to integer
    

    HTML form input with PHP

    simple form with two input fields

    
    <!DOCTYPE html>
    <html>
    <head>
        <title>PHP Input Example</title>
    </head>
    <body>
    
    <form method="POST" action="process.php">
        <!-- Text Input -->
        <label for="username">Username:</label>
        <input type="text" id="username" name="username" required>
        
        <!-- Password Input -->
        <label for="password">Password:</label>
        <input type="password" id="password" name="password" required>
        
        <!-- Submit Button -->
        <input type="submit" value="Submit">
    </form>
    
    </body>
    </html>
    

    In this HTML code, we have created a simple form with two input fields: a text input for the username and a password input for the password. The form's method is set to "POST," which means the data entered by the user will be sent to a PHP script for processing when the user clicks the "Submit" button. The form's action attribute specifies the PHP script (process.php) that will handle the form submission.

    process.php PHP script to handle the form data

    
    <?php
        if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // Retrieve data from the form
        $username = $_POST["username"];
        $password = $_POST["password"];
        
        // You can perform various actions with the data, such as database queries or authentication checks.
        
        // For this example, we'll simply display the received data.
        echo "Username: " . $username . "<br>";
        echo "Password: " . $password;
    } ?>
    

    In process.php, we use $_POST to access the data submitted from the HTML form. We retrieve the username and password values and can perform various actions with them (e.g., authentication or database operations). In this example, we're just echoing the received data to display it.
    When you submit the form, the data entered by the user will be sent to process.php, and you will see the output displaying the username and password.


    handling input in PHP involves collecting user data from various sources, validating and sanitizing it, and sometimes converting it to the desired data type. Proper input handling is crucial for building secure and functional web applications.