Skip to content Skip to sidebar Skip to footer
Home / Excel / Html / Php

How To Store Form Output In A Database, Using PHP?

Post a Comment
I'm having some issues with some functions within PHP/HTML. I'm generally a VBA guy, so this is a bit odd to me. I'm trying to create a form that a user can fill in, and have the s

Solution 1:

Stateless web applications are a different animal from desktop apps. Coming from a VBA background means you need to think about this differently.

The submit button itself cannot perform any action on the server. Here's why...

Browser

The browser loads and submits data to an HTTP server without knowledge of what happened before - it is stateless. Web developers have bolted on a stateful mechanism using various types of cookies in order for the server side to be able to retain knowledge about the HTTP requests coming in.

PHP

Even though PHP allows you to mix server side PHP code beside HTML code in your source file it does not mean that the PHP code is executed when a submit button is pressed.

Submit buttons cause the browser to send a brand new request to the HTTP server with the data that the HTML document has specified - in the case of a form, it sends form data. The method of sending form data is determined by the method attribute on the form tag. The method attribute changes where the data is available in PHP ($_GET or $_POST) and also can alter the URL in the browser (if the method is GET)

When this new request is processed on the server the entire PHP file is reloaded and re-executed without any knowledge of the previous page load. It is entirely possible for someone to write a bot that sends data directly to your program.

If you need to keep track of a logged in user (out of scope of this question) you would use sessions or cookies. Even still, the PHP file would have no knowledge if the page had been accessed prior to a form submission.

Conclusions

  • It's important to validate data on the server since PHP on the server does not execute any browser based validation even if it's in the same file.
  • It's important to use a secure method to prevent CSRF attacks
  • HTML and PHP code are allowed in the same file for convenience but this does not mean the PHP code is executed in a browser context.

Post a Comment for "How To Store Form Output In A Database, Using PHP?"