Databases Reference
In-Depth Information
<body>
<?php
echo "Hello, {$_GET["username"]}";
?>
</body>
</html>
Let's assume that the file is stored on the web server in the document root of the web
server. The script can be retrieved using a web browser—in the case where it is running
localhost/printuser.php?username=Selina
. In response to the request, the PHP engine
replaces the script:
<?php
echo "Hello, {$_GET["username"]}";
?>
with the output:
Hello, Selina
In this example, the URL is automatically decoded and an array variable
$_GET
initial-
ized. The array contains an element
username
, which matches the name of the attribute
in the URL, and its value is set to the value in the URL,
Selina
. This automatic regis-
tration of variables is an excellent feature; we explain how to use it securely in “Un-
tainting User Data” in Chapter 14, and we revisit the issue of how to pass information
to scripts using the URL in “Passing a Message to a Script” in Chapter 15. Don't worry
too much now about arrays, elements, and the PHP syntax; we'll return to the details
in the next two chapters.
Files that contain PHP scripts usually have the extension
.php
instead of the HTML file
extension of
.html
or
.htm
. The
.php
extension is the trigger for the web server to invoke
the PHP scripting engine to preprocess the file. This is controlled by a directive in the
web server's configuration file, which we discussed briefly in “Configuring and Con-
trolling the Apache Web Server” in Chapter 2.
Passing variables and values using a URL is one way of transferring data from a web
browser to a web server. However, the most common technique is to use an HTML
form such as the following:
<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head>
<title>Saying hello</title>
</head>
<body>
<form method="GET" action="printuser.php" />
Enter your name: <input type="text" name="username" />
<br /><input type="submit" value="Show it!" />
