
  • Creating these classes requires equipment and services that cost money.

  • If you appreciate this education, please think about going to EliTheComputerGuy.com and offering a one-time or monthly recurring donation.

  • Welcome back.

  • As you know, I am Eli the Computer Guy, and in today's class, we're going to be doing form validation with PHP.

  • So basically, we're going to create an HTML form, and that form is going to submit variable values to a PHP script.

  • That PHP script is then going to verify, it's going to validate, that those variables are the types of variables that they are supposed to be.

  • If they're the types of variables that they're supposed to be, it will then insert those variables into a MySQL table.

  • And if not, it will simply print out to the screen and basically say bad email or bad age.

  • So when we're talking about form validation, this is an important thing.

  • When you're thinking about dealing with databases is what we're trying to do here is make sure that we don't get bad data into a database.

  • Now, A lot of times people are worried about bad data going into a database.

  • They're thinking about things such as hackers, again, things such as SQL injection attacks.

  • How do I keep a hacker from trying to do something with the database?

  • The problem is, the problem is, is most of the time when you start having issues with your database, and when you start having issues with your data, it's not actually hackers and nefarious actors and Chinese folks and all that kind of stuff.

  • In reality, it's normally stupid users, right? Users just fat-finger something when they're plugging something into a field in an HTML form.

  • And then, if you don't have any kind of validation to tell the user that there's a problem when they hit submit, that will get dumped into your table.

  • And then you know you get enough people doing that and you will run into a lot of problems because the data in your database will not be good quality data.

  • And then, if that's the case, your database isn't really that valuable anymore.

  • So it is important to understand that what we're going to be doing today is we're simply going to be validating variables. So I did a class before talking about sanitizing variables.

  • So that was where, let's say, you want strings.

  • You want a name or you want an email address, something like that.

  • Sanitizing a variable is where you use the filter_var function in order to go through and clean out anything that is not a normal string.

  • So it cleans out tags.

  • It cleans out any kind of escape.

  • It cleans out any of those types of things.

  • So if somebody is trying to submit a hyperlink using the name field, using filter_var and sanitizing the variable will clean out all of those tags.

  • But we're going to be doing today.

  • That's what we're going to be doing today.

  • We're simply going to be validating that the variables coming in look like what those types of variables are supposed to be. So in

  • the example we're gonna be doing, we're going to be validating

  • an email address. An email address should be, you know, the front name, it should be

  • an at sign, it should be the back name, dot com, biz, info,

  • something like that.

  • So if somebody submits something that looks like that, that will then be able to be inserted into the database. If they insert something without the dot com or biz or whatever else, it will fail out.

  • If they submit something without the at, it will fail out.

  • So basically all we're doing is we're validating that the variables that the PHP script is dealing with more or less look like they're supposed to look.

  • The cool part with validation is again you can validate first off of ints.

  • That's what we're gonna be doing today

  • for the age. You can validate off of domain names, you can validate off of email addresses, you can validate off of IP addresses. You can

  • validate a lot of different types of variables. Again,

  • so if you're gonna be pumping this into a database, you can make sure at least the variables

  • look how they're supposed to look. Again, an important thing to understand with security and dealing with your database is you have to have multiple levels of security in your infrastructure to make sure that the data and everything that goes in is how it's supposed to be.

  • So the validation is one way to do that so you can sanitize variables.

  • You can validate the variables.

  • You can do multiple steps to make sure that at the end of the day, the data going into your database is as good data as you're going to get.

  • So with that, let's go over the computer and I can show you how this works.

  • So here we are, back at my lab environment again.

  • I'm running Ubuntu Desktop 18.4 LTS. Any Ubuntu desktop that you're running should work for this particular project that we're doing. I am running this within a virtual machine in VirtualBox.

  • I have this running on my MacBook Pro. In order to get the full LAMP stack on this Ubuntu desktop,

  • I did use something called tasksel,

  • T-A-S-K-S-E-L.

  • It's a tool with Ubuntu.

  • With that, I was able to install Apache, MySQL and PHP there.

  • I have not modified any of the default configurations,

  • php.ini, vhosts, anything like that. Literally,

  • the only thing that I have done other than the default configuration is simply dumped in a PHP folder within the Apache root directory, just

  • so I have some place to dump all the scripts.

  • So the first thing that we're gonna do is we're gonna go.

  • We're gonna take a look at our MySQL database

  • like we normally do.

  • So you go down to show applications, you go up to search, do terminal, then you bring up your command prompt. From here again,

  • we do mysql.

  • So mysql, space, hyphen

  • u, username is bob, space, hyphen p to ask for the password, and enter the password, a super secret

  • 123456. And now we're in our MySQL database server. From here,

  • we're going to use our class DB.

  • So we do show databases.

  • We have a number of databases here. Again,

  • the database that we're gonna be dealing with today is the class DB. Very important that you know what database and what tables you're interacting with.

  • So since we know that, we're going to do use class DB to drop into the class database. From there we do show tables to see what tables we're dealing with.

  • And the table that we're going to be dealing with today is, I have created this table called email

  • sign up.

  • So basically, this is a very simple form.

  • It's going to ask for a name, it's going to ask for an age, and it's going to ask for an email address.

  • And then it's going to dump into this MySQL database.

  • So with this we do D-E-

  • S-C,

  • so describe email sign up, so we just know what this table looks like.

  • Hit enter, and so what we can see is we have an ID

  • field. Again,

  • this is just a primary key, it's an auto increment, just a unique ID for the table.

  • Then we have name that is text.

  • Then we have age that is an integer, and then we have email that is also text. So very simple.

  • Four fields: one auto increment, one age, two text. From that,

  • if we just wanted to go take a look and see what records are already in here,

  • you do select all from email

  • sign up, semicolon, of course.

  • And, uh, oops.

  • Select, oh, there we go.

  • Hey, if you actually do the SQL statement right, it works.

  • So here we go. So we have one ID.

  • So ID

  • number one, a name of Bob, an age of 12 and an email address of Bob at bob dot com. Again, to remember with this form validation,

  • When we're doing the email validation today, this is not verifying again.

  • You have to think about that like this isn't verifying that the email address is correct.

  • It's simply validating that it looks like an email address, right? Front part, at, back part, dot something.

  • This is not verifying that the email address works; it's simply validating that it looks like what the hell an email address should look like.

  • So again, this is where you talk about when you're creating an overall project.

  • This is where you may have some kind of email verification system.

  • That's where somebody plugs an email into a form.

  • Then your system sends them an email, and then they can click on the link on the email to verify that the email address that they gave is legitimate.

  • This project I'm showing you today simply validates that the email address looks like how an email address should look.

  • It does not verify that the email address is, in fact, a good email address.

  • So with that, let's go over and take a look at the code. So the first code that we have today

  • is just a plain HTML form, form valid. Again,

  • I don't know.

  • You try coming up with names

  • for things,

  • especially when you're doing classes.

  • So this is just form valid.

  • This is just a form that's going to collect this standard information, just a standard HTML form, and then it's going to send that information to a script.

  • We open up the HTML.

  • We open up the body, then we come down to the form.

  • We open up the form, we have the action, and the action here is we're going to send the values to PHP form validation dot PHP.

  • So we're gonna send these values over to this PHP script. Past that, we have a method of post.

  • Then it's going to ask for a name.

  • Input type is text, name equals name.

  • So when this passes it over, we're gonna be able to identify this value by the name of name. Then it's going to ask for age, input type also of text, name of age. Email, input type

  • also text, name of email. And input type submit.

  • Basically, that's the submit button, and close the form, close the body, close the HTML.

  • And then if we want to go look at it,

  • we can come over here and basically this is what we create.

  • So we have a name text box, age text box, email text box, submit query. That'll all get sent over to this PHP form validation. So

  • We go here and we take a look at this and this looks a lot like the code that we've been dealing with before.

  • If you've been following along with these classes, the first thing we're going to do here is we're gonna open up PHP like we normally do.

  • And then we're going to create our variables from that post information.

  • So we're going to create a dollar sign name, dollar sign age, dollar sign email variable for this script.

  • Then we're going to assign the values of those variables to whatever came in from post.

  • So post, or I'm sorry,

  • dollar sign underscore POST and then name, dollar sign underscore POST age.

  • Same for email.

  • So basically the values that come from these names, from these text boxes, are going to be the values for these new variables that we've created. Past

  • that, we're going to come down here, we're going to create the variables and set them for the connection to the database server and the database: server name, username and password and DB. Localhost, bob,

  • 123456 and the database is class

  • DB.

  • Then we're gonna come down here, and we're going to create the variable for the connection.

  • So dollar sign conn equals new mysqli, server name, username, password, database.

  • Then if the connection there is an error, it's going to fail out.

  • So all of this kind of stuff right here, we've gone over 20 times before.

  • Uh, the interesting part is where we get down here, and this is where it may get a little ugly for the quote unquote real coders out there.

  • This may be a little bit ugly, but I think this is a good way to teach you.

  • It's my thought.

  • So what we're gonna be doing here, we're going to be using this filter_var function.

  • So the filter_var function,

  • You can use this to sanitize variables.

  • So basically what variables come in, it can strip out crap that's not supposed to be there.

  • So again, if somebody is supposed to insert a name and they try to insert a whole hyperlink, it can rip out all the tags for the hyperlink.

  • Or it can do things such as simply validate that the variable information coming in, again, it does not verify;

  • it just says that it looks like how the variable is supposed to look. And so what you can do with this is you

  • use filter_var.

  • That's the function.

  • You open up the parentheses, you then give it whatever variable

  • you want this function to look at, and then you give it the filter that you want to filter against. So

  • for this, we're gonna be feeding it the dollar sign email,

  • so the value for the email, and we're going to use FILTER_VALIDATE_EMAIL.

  • So this filter is going to validate, um, that this is actually what an email address is supposed to look like.

  • We go over here and we just open up Google Chrome.

  • We can go to the validate filters section that they have, and you can see that there are a lot of different filters you can plug in here.

  • So the filter that we're using today is we're using the FILTER_VALIDATE_INT and the one for the email address, wherever that is.

  • Okay, so FILTER_VALIDATE_EMAIL.

  • So these are the two of filters that will be using today.

  • But again, you have validate for an IP address, you have validate for a MAC address, you have validate for a float. Again, it's important to

  • understand

  • when we're dealing with numbers, an integer is a whole number: 1, 10, 25,000 and 20.

  • A float is 10.20, 20.25.

  • Right.

  • So again, if you're validating whether it's an int or float, domain, Boolean, you can validate for a lot of different things, so I know it's gonna come back here.

  • And so what we're going to be doing here is going to be using if, else if, else today.

  • So if filter_var, and then we give it dollar sign email,

  • so the value for email, then we're going to FILTER_VALIDATE_EMAIL, so we're using the validate email filter.

  • So if this is false, equals equals equals, so it equals and the data type equals false.

  • So, basically, if it is not a good email address, right, it's just Bob at Bob, right?

  • That's not a good email address, or it's at bob dot com.

  • That's not a good email address, or it's just Bob.

  • That's not a good email address.

  • All that's gonna happen is we're gonna fail out of everything, and it's simply going to print bad email, right?

  • So again, I'm doing this very simple.

  • You could have something happen that's much more complicated than this.

  • But to make life easier, it's going to print out bad.

  • Then it's gonna close that part of the if. Then we're gonna do else if. Else if, then we do filter_var, same thing as before, but age. We're gonna look at the age, and then we're going to use the filter

  • FILTER_VALIDATE_INT.

  • So if this is false, so if the age is not an integer, so, again, 10 1212, if it is anything other than that, it is going to print out bad age. Else,

  • so basically, as long as it gets through here, then it's going to go through the normal thing.

  • We're gonna create our SQL variable, and we're going to say insert into email sign up.

  • So we're now using the email

  • sign up table. Name, age, email, values name, age, email, just like we have before in other projects when we're inserting into a table.

  • If, you know, conn query SQL equals true, then it's going to print out on the screen added name, age and email. Else,

  • if there's a problem, it's going to error out.

  • It's gonna close this if. Then the important thing here is we're then going to be closing this else.

  • So all of this now is wrapped within this else.

  • So do you remember?

  • Remember that bracket?

  • So if it's not a good email, it's going to print the bad email.

  • If it's a good email, it's gonna go to the next else if.

  • If it's a bad age, it's gonna print out simply bad age.

  • If it's a good age, then it's going to go to the else. The else is

  • basically, do the normal thing of insert into email sign up table, name, age, email, blah, blah, blah.

  • Print things out like normal.

  • So when you're doing this, do you remember these brackets here?

  • If this is how you decide to code it. We go over,

  • then we take a look at the actual form itself, so we can come here so I can say name of Tim,

  • age of 22, email address of Tim at AOL.

  • Right?

  • So this all looks normal. If I hit submit query: added Tim, 22, tim at AOL dot com.

  • We go over to our MySQL database, do select all from email sign up, and we can see that Tim has been added as the second ID.

  • But what if we screw something up?

  • So what if somebody fat-fingers? So let's say with the age somebody puts in Tim,

  • oh, Stevens, right?

  • They're not paying attention to what they're doing and go.

  • Okay, it's first name, last name, whatever.

  • So we hit.

  • Submit query, and we can see it just fails out to that bad age.

  • We go back.

  • They do the age properly again.

  • Maybe make 10.

  • 12.

  • And instead of putting Tim at AOL

  • dot com, what if they simply put Tim at AOL? Then we hit

  • submit query and we see bad email because it does not look like an email address.

  • So we come back here again.

  • Let's say we put in Sue.

  • We make her 24 years old and we can

  • say Sue at not a real email dot com. Again, it's not a real email, but we're not doing verification.

  • We're simply doing validation.

  • Submit. Sue, 24, Sue at not a real email dot com was added to our MySQL database, and so we can see that here.

  • So, basically all we're doing here with the form validation is we're using filter_var. This is the function. We're feeding it the value of whatever variable, we're then giving it the filter. So the email filter, the int

  • filter, the float filter, the domain name filter, the IP address

  • filter, the MAC address filter.

  • You know, any of these filters that you want to feed it. And basically, if, right here,

  • So what we're having to do here is if it's false.

  • So basically, if this is not good, if it's not, does not look like a valid email address.

  • Then you're going to print out bad email.

  • It's going to go through there.

  • If everything looks good, it's going to actually insert the values into the MySQL database table.

  • So that's the basic project that we have today.

  • That's how you could use filter_var to validate that variables

  • look how they're supposed to look.

  • So there you go.

  • Now you have a basic understanding of how to do form validation with PHP.

  • Now it is important to understand that you could do form validations with a number of different coding languages.

  • Again, PHP is a back-end coding language.

  • What this means is the variables,

  • that data is sent to the PHP.

  • It's sent to the server. Once it's on the server, the PHP code runs, and then the validation happens that way.

  • A lot of the time, the way that people actually do validation in the real world is they use a front-end scripting language such as JavaScript.

  • So basically, you can have JavaScript running in real time on the form.

  • And that's where when you're typing into a field, you'll notice like the text will be red until it looks how an email address or something is supposed to look, and then it will turn black.

  • When you see something like that, that is JavaScript

  • doing the form validation. It is able to do that because that is actually running in real time on your web browser.

  • So as you're inputting the information, it is able to really read that in real time and then modify how the form looks based off of what is currently put in there. Using PHP for form validation,

  • what has to happen is the data actually has to be sent to the server.

  • The server uses the PHP script to parse the data that's been provided to it, the variables that have been provided to it. If those variables are not up to snuff, it then has to send back to the web browser some type of response.

  • So what?

  • What I showed you today honestly looks ugly as hell.

  • It's ugly as hell.

  • And it's not the way that I would do form validation in a production environment.

  • So if I was actually creating some kind of email sign up form that I was gonna put out to the real world,

  • I would come up with something that looks a hell of a lot better than this, but I just wanted to give you a basic example of how this works, and simply, you know, printing out bad age or bad

  • email is an easy way to do that.

  • One of the things that you could do here is basically you could reprint the form. Like, really, if you're doing this in a production environment, even if you're using PHP, that's what you do.

  • Instead of simply saying bad age or bad email, what you could do is you could reprint the form with the default values in the form, whatever the person has put in before.

  • And then you could change the CSS to do something like make the title or whatever red.

  • So people know that's where the problem is.

  • And so this is again.

  • This is one of those things you have to think about.

  • In the programming world, there's showing you how to use a function, right?

  • I showed,

  • I showed you how to use filter_var using a validation filter, so I can show you how to do that.

  • But then, how you use what I showed you today to actually build a product, right?

  • That's where the creativity comes in.

  • That's where you have to figure out,

  • you know, what,

  • what kind of response do I want to give?

  • Do I want to give a response? How easy do I... And that's a thing, right?

  • How much work do I want

  • to do to make it easier for the end user?

  • Unfortunately, way too many coders out there are really lazy.

  • One of the reasons we see so many bad products in the real world, coding products in the real world, is because the coders are lazy. The coder was like, well, I could either spend another five hours, you know, making this all pretty and nice and easy for the end user to use,

  • or I could go home and have a beer. Too many times they go home and have a beer.

  • So that's what you have to think about, right?

  • You know, there's a difference between understanding how a function works and then creating an output from that function.

  • That's easy for the end user.

  • So these are some of the kind of things to think about again.

  • The code that I showed you today is very ugly.

  • It's very nasty, but it gives you a demonstration of basically giving you an idea of how this works.

  • So as always, I enjoy doing this class and I look forward to seeing the next one.

  • Apparently, the type of content you just saw is not what Susan W. wants for the future of YouTube.

  • This means that recommendations by YouTube to this channel have dropped massively, and views are becoming comically small. I hate to ask.

  • I used to say I would never ask, but if you could subscribe, like, comment and, most importantly, share the videos that you appreciate, that may help slow the death of this channel.

  • Do remember that if anything at all happens to this channel,

  • you can go to EliTheComputerGuy.com to view the content and access information not available on YouTube.


MySQL - HTML Form Validation with PHP (filter_var)

Published by 林宜悉 on January 14, 2021