Week 4 Topic 2: PHP and forms

Questions and Answers

What is the primary function of URL parameters, also known as query or GET parameters?

• To encrypt sensitive data transmitted over the internet.
• To store user session information on the client-side.
• To define the structure and layout of a webpage.
• To pass additional data from the client to the server. (correct)

In a URL, what character signifies the beginning of the query string?

• #
• %
• &
• ? (correct)

What is the purpose of the PHP isset() function?

• To unset or delete a variable.
• To check if a variable has been set and is not NULL. (correct)
• To set the value of a variable.
• To determine the data type of a variable.

Which PHP superglobal array is populated by variables passed through the URL?

$_GET (C)

Which HTML form attribute specifies the URL to which the form data will be sent?

action (D)

Which HTTP method sends form data in the body of the HTTP request?

POST (C)

Which of the following is a key difference between the GET and POST methods?

GET displays data in the URL, while POST does not. (A)

When should the GET method NOT be used for form submission?

When the form contains passwords. (A)

What happens to a checkbox input if it is not checked when a form is submitted?

It is not sent to the server at all. (B)

What is the significance of the value attribute in a radio button?

It defines the data sent to the server if the radio button is selected. (A)

What is a superglobal in PHP?

A variable that is automatically global in scope. (B)

What is the maximum amount of data that can be sent using the GET method?

2048 characters (D)

In PHP, how do you access the value of a form input named 'email' that was submitted using the POST method?

$_POST['email'] (A)

Which of the following describes the correct way to create a file called header.inc.php and include it in your main PHP file?

Create the file and use the include() function to include it. (A)

What is the main benefit of using separate files for header and footer content in a PHP website?

It simplifies the process of making changes to the header or footer across multiple pages. (B)

How is the action attribute used in an HTML form in conjunction with PHP?

It specifies the PHP file that will process the form data. (A)

When using radio buttons, how can you ensure that only one option is selected within a group?

By using the same 'name' attribute for each radio button. (A)

What is the primary difference between include() and require() in PHP?

include() produces a warning if the file is not found, while require() produces a fatal error. (B)

How would you modify the following HTML form to submit the data using the POST method instead of GET?

<form method="GET" action="process.php">
  ...
</form>

Change method="GET" to method="POST". (B)

Based on the following HTML form, what would be the URL if a user enters 'John' in the name field and submits the form?

<form method="GET" action="processName.php">
  Enter your name:<br>
  <input type="text" name="name" /><br>
  <input type="submit" />
</form>

processName.php?name=John (A)

What is the purpose of using labels (<label>) in HTML forms, especially with checkboxes and radio buttons?

To associate a text description with a form element, improving accessibility. (A)

Consider the following code. What will the output be if box1 is checked and box2 is unchecked?

<?php
if (isset($_GET['box1'])) {
  echo "Box 1 is checked. ";
}
if (isset($_GET['box2'])) {
  echo "Box 2 is checked.";
}
?>

Box 1 is checked. (B)

In the context of including files in PHP, which function would you use if you want to ensure that a file is included only once during the execution of a script?

require_once() (C)

What is the primary security risk associated with directly using user-provided data (e.g., from $_GET or $_POST) in SQL queries without proper sanitization?

SQL Injection (B)

Suppose you have a form with a multi-select dropdown. When the form is submitted using the POST method, how is the data from the multi-select dropdown typically represented in the $_POST array?

An array of the selected values. (B)

In PHP, what is the difference between using header('Location: ...') and including an HTML <meta> tag for redirection?

header() sends an HTTP header, which is faster and more reliable than a <meta> tag redirect. (C)

Given a scenario where you need to handle file uploads through a form, what security measures should you implement on the server-side (PHP) to prevent malicious uploads?

Verify the file's MIME type, check the file size, and store the file outside the web document root. (C)

Consider a situation where you need to maintain state between multiple pages without using cookies. Which alternative approach can you use to pass data between pages?

Use server-side sessions with URL rewriting. (C)

What is the purpose of the htmlspecialchars() function in PHP when processing form input?

To convert special characters to HTML entities, preventing XSS attacks. (D)

You have a form that submits data to a PHP script. The script needs to handle different actions based on which submit button was clicked. How can you differentiate between the submit buttons in PHP?

By giving each submit button a unique name attribute and checking for that name in $_POST. (C)

You are designing a form that accepts user input, including potentially formatted text. What steps should you take to prevent XSS attacks when displaying this data back to other users?

Use htmlspecialchars() to encode HTML entities and store the raw input in the database. (C)

How can you implement CSRF (Cross-Site Request Forgery) protection in a PHP form?

By including a unique, unpredictable token in the form and verifying it on the server-side. (C)

What is the significance of setting the autocomplete attribute to off on sensitive form fields, such as password fields?

It prevents the browser from suggesting or storing previously entered values, enhancing security. (A)

Consider a form that allows users to upload images. Besides checking the file extension and MIME type, what other server-side validation steps can you take to mitigate potential image-based vulnerabilities (e.g., image-based XSS or denial-of-service)?

All of the above. (D)

You need to implement a custom session handler in PHP to store session data in a database. What interfaces or classes must your session handler implement or extend to be compatible with PHP's session management?

Both SessionHandlerInterface and SessionUpdateTimestampHandlerInterface. (C)

You are tasked with designing a highly scalable form processing system that can handle millions of submissions per day. What architectural patterns and technologies would you consider to optimize performance and reliability?

Employing a message queue (e.g., RabbitMQ, Kafka) to decouple form submission from processing, using multiple worker processes for asynchronous processing, and leveraging a NoSQL database for scalable storage. (B)

Which of the following is true about the $_REQUEST superglobal array in PHP?

It contains the combined contents of $_GET, $_POST, and $_COOKIE. (C)

Flashcards

URL parameters (GET)

Key-value pairs appended to a URL for passing data to the server.

isset() function

A PHP function that checks if a variable has been assigned a value.

$_GET

An array of variables passed to the current script via URL parameters.

$_POST

An array of variables passed to the current script via the HTTP POST method.

<form>

A HTML element used to create interactive forms.

<input type="text">

Defines a text input field where users can enter text.

Checkboxes

A type of form input that represents a yes/no choice.

Checkbox Value

Sends a value (typically 'on') to the server when the checkbox is checked.

Radio buttons

A type of form input that allows users to select one option from many.

Associates a label with an input element for accessibility and usability.

include()

Including and evaluating the specified file.

<input type="submit">

HTML element that specifies a submit button for a form.

Study Notes

• PHP is commonly used to receive data from users via forms

URL Parameters

• URL parameters, or query/GET parameters, are key-value pairs added to a URL's end, used for filtering, sorting, and pagination
• A query string is the extra URL data: myPage.php?var1=34&var2=hello
• Everything after the question mark is the query string, structured as key-value pairs separated by ampersands (&)
• PHP automatically puts these parameters into the $_GET array.

Isset Function

• The isset() function tests if a variable has been assigned a value
• This determines if the user provided a value, prompting them if not

Form Methods: GET and POST

• After the data is provided in a form, the browser sends data to the web server which can be accessed depending on the form method used, in either $_GET or $_POST
• GET and POST create an array (e.g. array( key1 => value1, key2 => value2, key3 => value3,...) ) holding key-value pairs from form controls

Superglobals

• $_GET and $_POST are superglobals, which means they are always accessible regardless of scope, from any function, class, or file

$_GET

• $_GET retrieves variables from URL parameters
• Information sent via GET is visible in the URL with a 2,000 character limit
• GET should not be used for sensitive information like passwords

$_POST

• $_POST retrieves variables via the HTTP POST method
• Information sent via POST is invisible, embedded in the HTTP request body, and has no size limits
• Pages using POST cannot be bookmarked, because the variables are not displayed in the URL

Creating Forms

• The tag creates a form where users enter their name and submit it to the PHP server
• The method is GET and the action specifies the URL of the PHP script
• The `` element is the most used form element and has a type attribute

< form method = "GET" action = "procesName.php" > Enter your name: < br > < input type = "text" name = "name" /> < br > < input type = "submit" />   

• In processName.php, the script outputs "Hello [name]" if a name is set; otherwise, it outputs "You did not provide a name"

< html > **** 

Checkboxes

• A checkbox form requires two YES/NO inputs
• A checkbox that is not checked will not be sent to the server

< html > < body > < form method = "GET" action = "procesCheckbox.php" > < h2 > Checkboxes  < label for = "box1" > Box 1  < input type = "checkbox" name = "box1" id = "box1" /> < br > < label for = "box2" > Box 2  < input type = "checkbox" name = "box2" id = "box2" /> < br > < input type = "submit" />   

• The PHP script processes the input data, matching the action in the HTML file
• If both boxes are checked, the output: Array([box1]=>on [box2]=>on)
• If only one box is checked, the output: Array([box1]=>on [box2]=>on)
• Checkboxes have two possibilities: Checked (value "On" sent) vs. Unchecked (not sent)
• The isset function can be combined to produce unique checkbox outputs.

Radio Buttons

• Radio buttons allows a selection of one choice of many
• The tag displays a radio button with a specified value

< html > < body > < form method = "GET" action = "procesRadio.php" > < h2 > Choose a fruit  < label for = "b1" > Apple  < input type = "radio" name = "Fruit" id = "b1" value = "apple" /> < br > < label for = "b2" > Orange  < input type = "radio" name = "Fruit" id = "b2" value = "Orange" /> < br > < label for = "b3" > Lemon  < input type = "radio" name = "Fruit" id = "b3" value = "Lemon" /> < br > < input type = "submit" />   

Radio Button Images

• To show the user a picture of their selected fruit, images with the same names as the value specified in the radio (e.g. value = "Apple") can be used
• The variable $fruit will be replaced, containing "Apple", "Orange", or "Lemon"

< html >
< body > **** 
        < link rel =" stylesheet " type = " text/css " href =" mystyle.css "/>
    
< body >
    < div id = " container ">
        < div id = " header ">
        < h1 > **** 
    
    < div id = " navbar ">
        < ul >
        < li > < a href = " Page1.php "> Page 1 
        < li > < a href = " Page2.php ">Page 2 
    
    

Header File

• Create a PHP file for the top portion of an assessment (header.inc.php) and save it in a new folder called PHP

Footer File

• Create a second file for the page footer (footer.inc.php) and save it in the PHP folder

< div id= "footer" > < p > & copy; 12345678 -2015     

Main File

• In the main file (page1.inc.php), include the header and footer files

- *** < div id =" content ">
    < p > some content here
    < p > more content
- ***

Multiple Pages

• To create multiple pages, copy page one and change the content
• Changes to the header or footer file will immediately apply to all pages

- *** < div id =" content ">
    < p > Super page 2
    < p > more super content
- ***