This tutorial shows how to use a PHP program to receive and process
data input by a user in an XHTML form. The sample program also uses the
regular-expression capabilities that we presented in the preceding tutorial.
Function extract( associativeArray ) (line 15) creates a variable-value pair corresponding to each key-value pair in the associativeArray (i.e., $_POST), creating variables whose respective names and values correspond to the names and values of each posted form field. For example, in line 32 of Fig. 26.13, an XHTML text box is created and given the name email. In line 68 of our PHP script (Fig. 26.14), after having called function extract, we access the field's value by using variable $email. Elements in the superglobal array $_POST also can be accessed using standard array notation. For example, we could have accessed the form field email's value by referring to $_POST[ 'email' ].
Portability Tip 26.1
In PHP versions 4.2 and higher, the directive register_globals is set to Off by default for security reasons. Turning off register_globals means that all variables sent from an XHTML form to a PHP document now must be accessed using the appropriate superglobal array ($_POST or $_GET). With this directive turned On, as was the case by default in PHP versions prior to 4.2, PHP creates an individual global variable corresponding to each form field.
Software Engineering Observation 26.1
Using function extract to initialize variables from the superglobal arrays $_POST and $_GET is not recommended in a script on a Web site dealing with private or sensitive material. It is more secure to access each element in the superglobal array directly, using the array[ key ] notation.
In lines 19-20, we determine whether the phone number entered by the user is valid. In this case, the phone number must begin with an opening parenthesis, followed by an area code, a closing parenthesis, an exchange, a hyphen and a line number. It is crucial to validate information that will be entered into databases or used in mailing lists. For example, validation can be used to ensure that credit-card numbers contain the proper number of digits before the numbers are encrypted and sent to a merchant. This script implements the business logic, or business rules, of our application.
Software Engineering Observation 26.2
Use business logic to ensure that invalid information is not stored in databases. When possible, validate form data with JavaScript to conserve server resources. Some data, such as passwords, must be validated on the server side.
The expression \( matches the opening parenthesis of the phone number. We want to match the literal character (, so we escape its normal meaning by preceding it with the backslash character (\). The opening parenthesis must be followed by three digits ([0-9]{3}), a closing parenthesis, three more digits, a literal hyphen and four additional digits. Note that we use the ^ and $ symbols to ensure that no extra characters appear at either end of the string.
If the regular expression is matched, the phone number is determined to be valid, and an XHTML document is sent that thanks the user for completing the form. Otherwise, the body of the if statement is executed, and an error message is printed.
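The following added example (not part of Fig. 26.14) illustrates Software Engineering Observation 26.1 and the phone-number check side by side: extract lets a posted field replace a variable the script set itself, while direct $_POST access reads only the named field before validating it. The $_POST contents are constructed sample data, the names isTrusted, readWithExtract, readDirect, postField and isValidPhone are hypothetical, and preg_match is assumed as the matching function.

```php
<?php
// Constructed sample input standing in for a submitted form. 'isTrusted' is
// not a field of the form; a client can post any field name it likes.
$_POST = array(
    'email'     => 'user@example.com',
    'phone'     => '(555)555-1234',
    'isTrusted' => '1',
);

// Pattern the Observation warns against: every posted key becomes a variable.
function readWithExtract()
{
    $isTrusted = false;   // value the application set itself
    extract($_POST);      // default EXTR_OVERWRITE replaces existing variables
    return array('phone' => $phone, 'isTrusted' => $isTrusted);
}

// Read one named field; anything missing or not a string becomes ''.
function postField($name)
{
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
}

// Direct access: only the fields the script names are read.
function readDirect()
{
    $isTrusted = false;   // form data cannot reach this variable
    return array('phone' => postField('phone'), 'isTrusted' => $isTrusted);
}

// Format from the text: (ddd)ddd-dddd and nothing else. With preg_match, a
// plain $ also matches before a final newline; the D modifier prevents that.
function isValidPhone($phone)
{
    return preg_match('/^\([0-9]{3}\)[0-9]{3}-[0-9]{4}$/D', $phone) === 1;
}

var_dump(readWithExtract());                  // extract() path
var_dump(readDirect());                       // direct-access path
var_dump(isValidPhone(postField('phone')));   // constructed well-formed number
var_dump(isValidPhone("(555)555-1234\n"));    // same number with a trailing newline
```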
Function die (line 32) terminates script execution. In this case, if the user did not enter a correct telephone number, we do not want to continue executing the rest of the script, so we call function die.
Error-Prevention Tip 26.1
Be sure to close any open XHTML tags before calling function die(). Not doing so could produce invalid XHTML output that will not display properly. die() has an optional parameter that specifies a message to output when exiting, so one method of closing tags is to call die("</body></html>").