Here, we've used the empty() function to ensure that the $username and $password variables are not empty, and the isset() function to check whether the $message variable has been initialized. Note that these functions are slightly different: a variable can be initialized (set) to an empty string. Since we set the first two variables earlier in the script, they will always be initialized, so we need to check whether their contents are empty or not. The $message variable will be initialized if a message has been passed to us for display; let's see how this is done.
To pass nonsensitive information from one script to another, we can create our own GET request by adding a query string to the name of the target script. The query string consists of a list of value assignments separated by ampersands, and is separated from the address of the script by a question mark symbol (?). For example, we can pass the value Problem to the script index.php by assigning it to the variable message in this way:
index.php?message=Problem
We can call this URL using the header() function we first saw in “The Reload Problem” in Chapter 14.
In the target script, we can then access these values through the $_GET superglobal array. Even though we're creating this message, we depend on the browser to send it to us. Since it arrives from the client, it can be manipulated, and so we must treat it with caution and should apply the clean() function before using it:
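// Pre-process the message data for security
if (isset($_GET["message"]))
{
    // clean() is the helper introduced earlier; the value is also
    // HTML-encoded on output because it is written into the page
    $message = clean($_GET["message"], 128);
    echo "The message is: ".htmlspecialchars($message, ENT_QUOTES);
}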
To avoid confusing the browser with symbols such as spaces and tabs that have special meaning in URL strings, we can process messages with the PHP urlencode() function before appending them to the requested URL. The encoded string can then be safely used as part of a URL string. For example, the following two lines:
$message="Please choose a username and password that are ".
"at least four characters long";
$target_URL="index.php?message=".urlencode($message);
produce the $target_URL variable with the value:
index.php?message=Please+choose+a+username+and+password+that+are+at+least+four+characters+long
If we want to pass multiple values, we can use the ampersand symbol (&) as a separator between each variable name and value pair, as in this example:
search.php?search_term=truth&display_results=50&language=english
Most web search engines use this technique as part of their Previous and Next links in
the search results page.
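The round trip described above, as an added example that is not code from the book: the sender builds the query string and the receiver treats the returned value as client input. The function names build_target_url() and read_message() and all sample values are assumptions made for illustration; substr() and htmlspecialchars() stand in for the book's clean() helper, which is not shown on this page.

```php
<?php
// Added example: names and sample values are constructed for illustration.

// Sender side: build the redirect target from name/value pairs.
// http_build_query() URL-encodes each value (spaces become "+", as with
// urlencode()) and joins the pairs with "&".
function build_target_url(string $script, array $params): string
{
    return $script . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC1738);
}

// Receiver side: the value comes from the client, so check its type,
// cap its length and HTML-encode it before it is written into the page.
function read_message(array $get, int $maxlength = 128): ?string
{
    if (!isset($get['message']) || !is_string($get['message'])) {
        return null;   // absent, or sent as message[]=... (an array)
    }
    $message = substr($get['message'], 0, $maxlength);
    return htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
}

// A literal "&" inside the message must be encoded, otherwise it would be
// read as the separator that starts a second name/value pair.
$url = build_target_url('index.php', [
    'message' => 'Please choose a username & password that are at least four characters long',
]);
echo $url, "\n";

// In the real script this would be: header("Location: $url"); exit;
// Here the browser's request is simulated by parsing the query string
// back into an array shaped like $_GET.
parse_str(parse_url($url, PHP_URL_QUERY), $simulated_get);
echo "The message is: ", read_message($simulated_get), "\n";

// Constructed request in which the client has edited the value to contain markup.
parse_str('message=' . urlencode('<b>edited</b> by the client'), $tampered);
echo "The message is: ", read_message($tampered), "\n";

// Constructed request that sends an array instead of a string; it is rejected.
parse_str('message[]=x', $as_array);
var_dump(read_message($as_array));
```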