Sending form data to a database
Skill Level: Intermediate
Now that we have our database and tables ready, and we've created a file to store our database login information, we're ready to push information from our form into our database. Now, if you've got your server set to display notices and warnings, you might notice some notices if people don't fill out some fields. So before I do anything, I'm going to clean that up by assigning an empty value to anything that comes across with no data. So I'm going to go into my process.php file and right at the very top, you'll see that if these values come in and are set, then we assign them to variables. But if they're not set, they can be empty.
And sometimes that causes a PHP notice. It's not really a big deal. In production you should never have your notices turned on, but in development you may have them on, and they may be annoying you. So, I'm going to show you how to get rid of that. And what you want to do is, essentially, add an else right here, and then just set whatever variable you have, so in this case my name, to an empty string. And that's pretty much it. But we have to do it to all of these, so I'm going to go into my code snippets file and just grab this. Copy this and replace the ones we have here with the new ones. You may notice that there's one of them that's a little bit different. The favorite music is an array, and so I have to set that to an empty array string.
And even if I like the way these are formulated, they are probably easier to read, but let's go and do them like this. And we'll leave the comment one like that because we're actually sanitizing that string a little bit. So now, we need to talk about security a little bit. This form has a password field, and it's really not a good idea to ever store the password in plain text anywhere. So we need to encrypt it. PHP has a number of functions that you can use to encrypt data. Encryption usually means passing a string through a filter and getting another string back. The newest version of this function to encrypt data is called hash. You should read up on the documentation for this function. The cool thing is that the hash function lets you encrypt in a variety of different formats.
You can see the list of the formats right here. So hackers are less likely to know what the encryption method for your site was. Whenever you create and encrypt a password, it is also a good idea to salt it. So what is salting? You see, one of the problems of hashing passwords is that if two people type in the same password, they will both have the same converted strings. So hackers can sometimes look at a list of hashed passwords and figure out which are which based on a frequency algorithm, or sometimes by logging in with certain passwords and then seeing what their hashes are. Salting your password means adding another string to each password so that even passwords with the same names will have different hash strings. So I'm going to show you one way to do that.
I'm going to use the time function to hash the passwords. So I'm going to come down here and right after our form data, I'm going to set the time zone. Because it's important for you to set the time zone, you may get a notice if you don't do this. It's not really a big deal. So you want to set the default time zone, and that is a series of strings. You can use US/Eastern; it really doesn't matter what you set the time zone to, and that might be part of your hashing: making the time not the current time of the time zone that you're in, but some other weird time zone. What you really want to do is try to confuse the hash as much as possible, but still be able to recreate it yourself.
So now I'm going to create a variable to hold the current time in Linux format. So you could just do a variable called currtime, and we'll set it to the time function. Here's the time function on the PHP manual. I'm also going to create a date to store into our database. When logging someone in, you're going to have to recreate that hash. So that's why we created a field for the date in our database, so that we can store this time and recreate the hash if we need to. I'm creating this date in a format that is compatible with MySQL. You can take a look at the different options for the date function on this page.
You can see the different options right here. Now we're ready to create the salt and convert it to a hexadecimal string. And although you don't have to do this, that will create an even more random hash. The point is to do something unexpected that only you know about. So you probably want to use a trick that's not the same as mine. I'll call this one salty. And I'll add the password we receive from the user at the end of it. The dechex function converts a decimal to a hexadecimal value. You can take a look at the documentation on this page. So finally I'm ready to use the hash function.
I'm going to use sha1 as the hashing format and pass along our salted variable. You can take a look at the manual for the hash function right here, and make sure you scroll down and check out all the different types of hashing algorithms you can use. So now we're ready to insert this into our database. I don't want to email this data anymore, so I'm going to clear out this section right here. Now we need to include the document with the database login credentials. So I'll use the include function and I'll include the file we created in the previous movie. We need to connect to our database.
The current way to do this is by using the mysqli_connect function. So I'm going to create a forminfolink variable. This creates a link to the database, and I use mysqli_connect to connect to our database. Now, here what I want to do is pass other variables that are in this other file that we created earlier. So, I need to pass it the host name, the password and the database name. Then we need to create a query. The query is going to be a standard SQL command to insert our variables into our form info database. The typing for this gets a little tedious, so I'm going to copy from the code snippets file.
So I create a variable for the query and we paste it over here, indent it, and I'll walk you through it. So, here, I'm inserting into the table called Form Info the following values, and the field names here are the same as what I created in my table. The values are what I'm going to pass from variables that the user has submitted. Now the first one is set to nothing. And that's because our first field is an auto-increment field. The database will provide this field for us automatically; we don't need to worry about it. The next one is the date for the database.
That is the date that is using the time that we created and used as a salt. That's important to store in there. Then we have the data from the user, my name and then the salted version of the password as well as my comments, the reference. And what I'm doing with the favorite music is, since the information is an array, I'm actually using the implode function and putting a comma in between. What that does is, when the user submits different check boxes, it's just going to create a string that's every check box they click on separated by a comma and a space.
Then finally the request type. So next, just like with the mail code, we're going to check to see if the query was successful. And if it was we'll print the message, otherwise we're going to print an error. I'm going to also copy this from code snippets. So here's how this is working. First we create a variable called Form Info Result, then we run the mysqli::query command, passing along the link as well as the query that we just created up here.
That function will create a boolean variable that gets fed into the Form Info Result. So, if the query was successful, then we can output a message. We've got a normal version of the message as well as an AJAX version of the message. Now, if there's a problem with the database, we output another message. Now, if you're debugging, you may want to add the query right here. You don't really want to have it in production, just in case somebody gets an error, or causes an error in your database, you don't really want to output the query for everyone to see. So if you add the query right here make sure you delete it before you go into production.
So then after all this we just need to close the database. We do that with mysqli::close, and we'll pass it along the link that we created earlier, form info link, and let me go ahead and save this. And we'll go back into our form and try filling something out. When I hit the Send button, I should get the "form data has been processed, thanks." And if I go back into my database I'll refresh this page. I'll click on my database, and now I should be able to see the Browse tab because an entry has been created in the database. And here's my wonderful entry with that gargantuan hash. Developers love databases because they make it easier to aggregate data and create reports.
Although some forms are emailed, most data from a form should be stored in databases. MySQL, how to create reports, and how to read data are pretty complex subjects. Thankfully we have some great courses in the library like MySQL Essential Training from Bill Weinman. Make sure you check that out.
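A complete process.php for the procedure walked through above, added here as an example; it is not the course's own file or its code snippets. It keeps the same flow: default every missing field to an empty value, hash the password, connect with mysqli, insert the row, report success or failure, and close the link. Two choices in it are mine rather than the video's: the password goes through PHP's built-in password_hash(), which generates a random per-user salt and stores it inside the returned string, so a later login check uses password_verify() instead of recomputing a hash from the stored date; and the INSERT is a prepared statement, so submitted values are bound as parameters and never pasted into the SQL text. The include file name dbinfo.php, its constants, the table name form_info and the column names are assumptions.

```php
<?php
// process.php (example, not the course's file). Assumes a hypothetical
// dbinfo.php that defines DB_HOST, DB_USER, DB_PASS and DB_NAME, and a table
// form_info with an auto-increment id plus the columns named in the INSERT.
require_once __DIR__ . '/dbinfo.php';

// Default every expected field so nothing is undefined when a user skips it.
// Checkboxes arrive as an array, so favorite music defaults to an empty array.
$myname        = $_POST['myname']        ?? '';
$password      = $_POST['password']      ?? '';
$reference     = $_POST['reference']     ?? '';
$requesttype   = $_POST['requesttype']   ?? '';
$favoritemusic = $_POST['favoritemusic'] ?? [];
$comments      = trim($_POST['comments'] ?? '');   // light cleanup only; escape on output

// Guard against a single value being sent where an array is expected,
// then join the checked boxes into one comma-separated string.
if (!is_array($favoritemusic)) {
    $favoritemusic = [$favoritemusic];
}
$musicList = implode(', ', array_map('strval', $favoritemusic));

// Submission timestamp in MySQL DATETIME format. Setting the zone explicitly
// avoids the notice PHP raises when none is configured.
date_default_timezone_set('UTC');
$dbdate = date('Y-m-d H:i:s');

// password_hash() picks the algorithm and a random salt and embeds both in
// the result, so only this string needs to be stored for later verification.
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);

$forminfolink = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($forminfolink === false) {
    http_response_code(500);
    exit('There was a problem connecting to the database.');
}

// The id column is omitted so the database assigns the auto-increment value.
// Placeholders keep user input out of the SQL text entirely.
$sql = 'INSERT INTO form_info
            (dbdate, myname, password, comments, reference, favoritemusic, requesttype)
        VALUES (?, ?, ?, ?, ?, ?, ?)';

$stmt = mysqli_prepare($forminfolink, $sql);
if ($stmt === false) {
    error_log('prepare failed: ' . mysqli_error($forminfolink));   // keep details in the log
    mysqli_close($forminfolink);
    http_response_code(500);
    exit('There was a problem saving your information.');
}

mysqli_stmt_bind_param(
    $stmt, 'sssssss',
    $dbdate, $myname, $hashedPassword, $comments, $reference, $musicList, $requesttype
);

if (mysqli_stmt_execute($stmt)) {
    echo 'Form data has been processed, thanks.';
} else {
    // Log the database error server-side; the visitor sees a generic message.
    error_log('insert failed: ' . mysqli_stmt_error($stmt));
    echo 'There was a problem saving your information.';
}

mysqli_stmt_close($stmt);
mysqli_close($forminfolink);

// Later login check (example): fetch the stored hash for the name and let
// password_verify() read the salt and algorithm out of the hash itself.
function passwordMatches(mysqli $link, string $name, string $candidate): bool
{
    $stmt = mysqli_prepare($link, 'SELECT password FROM form_info WHERE myname = ? LIMIT 1');
    mysqli_stmt_bind_param($stmt, 's', $name);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $storedHash);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found && password_verify($candidate, $storedHash);
}
```

Because the salt lives inside the stored hash, the dbdate column in this version is only a record of when the form was submitted; nothing about password verification depends on it. The same prepared-statement shape (placeholders, a type string, bound variables) works for every query that carries user input.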