Note: Be aware of the security of your data when working with the form in PHP
Validating submitted data before processing an HTML form is necessary to prevent hackers from hacking and spam.
The above HTML form assumes the following rules apply:
Fields – Validation rules
Name – required, must contain letters and spaces
Email – required, must contain a valid e-mail address, including @ and.
URL (website) – optional, if the fill must be a valid URL
Comment (comment) – optional, multi-line input field
Gender (gender) – required, select an item
The HTML code is as follows:
Head
><body><formAction=' test.php 'method=' post '>Name:<inputtype=' text 'name=' name ' /><br/>E-Mail:<inputtype=' text 'name=' email ' /><br/>Url:<inputtype=' text 'name=' website ' /><br/>Comments:<textareaname=' comment 'rows=3cols= >
textarea
><br/>Gender:<inputtype="Radio"name=' gender 'value =0checked=' checked '/>Women<inputtype="Radio"name=' gender 'value=1 / >Men<br/><inputtype=' Submit 'value=' Submit ' />
Form
>
Body
>
HTML
>
This form submits the data through the Post method
Validating form data with PHP:
Typically, when you filter submitted data, the Htmlspecialchars () function is used to process the data, which converts HTML tag characters into HTML entities. For example <和> , it will be replaced by lt; and the gt;. This prevents the attacker from exploiting the code by injecting HTML or JS code into the form.
After we have used the Htmlspecailchars () function, the following code
<script>location.href('http://www.hacked.com')
script>
Will be escaped as:
<script>location.href('http://www.hacked.com')</script>
, the submitted data is now secure and will not cause damage to the page code.
In addition, there are two things we need to do in addition to filtering data with the Htmlspecialchar () function:
- Remove unnecessary characters from user input data (such as extra spaces, tabs, line breaks, etc.), and use the trim () function of PHP more
- Delete the backslash (\) in the user input data using PHP's Stripslashes () function
form Data Processing Example:
$name=$email=$website=$comment='';$gender=0;$name=test_input($_POST['name']);$email=test_input($_POST['email']);$website=test_input($_POST['website']);$comment=test_input($_POST['comment']);functiontest_input($data){$data=trim($data);//去除$data数据两侧多余的空格$data=stripslashes($data);//去除$data中的反斜杠$data=htmlspecialchars($data);//将html标签转以为html实体return$data;}?>
'). addclass (' pre-numbering '). Hide (); $ (this). addclass (' has-numbering '). Parent (). append ($numbering); for (i = 1; i <= lines; i++) {$numbering. Append ($ ('
'). Text (i)); }; $numbering. FadeIn (1700); }); });
The above describes the php form validation-w3school PHP learning notes, including the w3school aspects of the content, I hope the PHP tutorial interested in a friend helpful.