Displaying the Form

program sanitizes copies of the elements we will be outputting from the $row array into the variables $r0 through $r4 by passing them to the htmlspecialchars function, to replace any potentially dangerous HTML characters with harmless HTML entities.
Then follows the part of the code that displays the output, using an echo <<<_END…_END structure as seen in previous chapters, which outputs everything between the _END tags.

Instead of using the echo command, the program could drop out of PHP using ?>, issue the HTML, and then reenter PHP processing with <?php. Which style is used is a matter of programmer preference, but I always recommend staying within PHP code, for these reasons:

  • It makes it very clear when you’re debugging (and also for other users) that everything within a .php file is PHP code. Therefore, there is no need to go hunting for dropouts to HTML.
  • When you wish to include a PHP variable directly within HTML, you can just type it. If you had dropped back to HTML, you would have had to temporarily reenter PHP processing, access the variable, and then drop back out again.

The HTML form section simply sets the form’s action to sqltest.php. This means that when the form is submitted, the contents of the form fields will be sent to the file sqltest.php, which is the program itself. The form is also set up to send the fields as a POST rather than a GET request. This is because GET requests are appended to the URL being submitted and can look messy in your browser. They also allow users to easily modify submissions and try to hack your server (although that can also be achieved with in-browser developer tools). Additionally, avoiding GET requests prevents too much information from appearing in server log files. Therefore, whenever possible, you should use POST submissions, which also have the benefit of exposing less of the submitted data.

Having output the form fields, the HTML displays a submit button with the name ADD RECORD and closes the form. Note the <pre> and </pre> tags here, which have been used to force a monospaced font that lines up all the inputs neatly. The carriage returns at the end of each line are also output when inside <pre> tags.
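To see the whole sequence in one place (sanitizing $row into $r0 through $r4 with htmlspecialchars, echoing the form with a heredoc, posting back to sqltest.php, and wrapping the inputs in <pre>), here is an added, self-contained example. It is not the book's sqltest.php: the $row values are constructed inline rather than fetched from MySQL, the field names (author, title, year, isbn, notes) are assumed, and the ENT_QUOTES and 'UTF-8' arguments to htmlspecialchars are this example's choice so that values are also safe inside single-quoted attributes.

```php
<?php
// Added example, not the book's own code. $row stands in for a row fetched
// from MySQL; the last value contains markup to show what sanitizing does.
$row = [
    'Jane Doe',                       // author
    'Learning PHP',                   // title
    '2024',                           // year
    '9781234567890',                  // isbn
    '<script>alert("x")</script>',    // notes: constructed hostile input
];

// Sanitize copies of the values we are about to output. ENT_QUOTES converts
// both " and ' so the result is safe inside any attribute; 'UTF-8' is the
// example's assumed page charset. The original $row is left untouched.
$r0 = htmlspecialchars($row[0], ENT_QUOTES, 'UTF-8');
$r1 = htmlspecialchars($row[1], ENT_QUOTES, 'UTF-8');
$r2 = htmlspecialchars($row[2], ENT_QUOTES, 'UTF-8');
$r3 = htmlspecialchars($row[3], ENT_QUOTES, 'UTF-8');
$r4 = htmlspecialchars($row[4], ENT_QUOTES, 'UTF-8');

// Stay inside PHP and emit the whole form with a heredoc. Variables are
// interpolated directly, so no dropping out to HTML is needed. The form
// posts back to this same script (sqltest.php), and <pre> keeps the
// inputs aligned; the newline after each line is output as well.
echo <<<_END
<form action="sqltest.php" method="post"><pre>
  Author <input type="text" name="author" value="$r0">
   Title <input type="text" name="title"  value="$r1">
    Year <input type="text" name="year"   value="$r2">
    ISBN <input type="text" name="isbn"   value="$r3">
   Notes <input type="text" name="notes"  value="$r4">
         <input type="submit" value="ADD RECORD">
</pre></form>
_END;

// For the Notes field the browser receives
//   value="&lt;script&gt;alert(&quot;x&quot;)&lt;/script&gt;"
// so the markup is shown as text inside the input instead of being run.
```

When the form is submitted, the values arrive in $_POST rather than in the query string, which is why they do not show up in the URL or in the web server's access log, as described above.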
