This is the start of a new series of articles on passing variables.  A series about coding web pages with PHP.  PHP is an interactive, interpretive, scripting language that works well with HTML to communicate with the database, and create dynamic applications for the Internet. As such this series will combine HTML and PHP to accomplish varies tasks.

The focus will be on passing variables.  Why passing variables?  Because the Internet is stateless.  By stateless, I mean that every request going to the Internet server is independent of any other request.  The Apache server delivers a web page from the server to the browser on your computer, and when you click on another link, probably a new server will deliver another page. The servers could be physically located half a world apart.  How do we move data from one page to the other when each page stands on it own?  The new page that loads, does not know anything about the preceding page, unless of course, you pass some informaton from the one page to the other.

And that’s where the problems start.  If I assign a variable on one page, that variable ceases to exist in the new page.  It’s gone.  Variables only persist while in an individual page.  If I type in my name on an Internet page, how does the new page repeat my name back, like Amazon does when you log in?

Well, that’s a good question and the subject of this series.  By passing variables, I mean passing data, whether its your name, or phone number, or the results you entered in a survey from one web page to another, or from the web page to the database and back to another web page.  We’ll focus on “Passing Variables,” getting data moving around your system.

“Passing Variables” probably causes more problems in coding than any other issue.  You pass the data a user fills out in a form, back to a “controller” file.  This takes in the information, and assigns the indivual data to variables or an array.  The information is validated and if there is an error, an error screen will be called, if the data is ok, We can pass these variables back to a “model” file for saving in a database, again passing variables between pages.

The next page comes up, calls a function to get the informaton out of the database, passes the data back to the new page, the new page shows the same form with the information you filled in the form populated in the form.  The form page you filled in is a different page then the page that had the blank form you initially filled out, with perhaps an error message, saying a field you forgot is required.

We will cover some HTML and more PHP.  Topics I hope to cover are: Forms, Get, Post, Cookies, Sessions, function variables, returns, arrays, and passing objects.  As far as syntax, we will eliminate any extraneous html or php that is not necessary to make our point. You’ll see no div’s, or ul’s. or li’s.  We assume you know what needs to go else where in the page to make it work, and are reading the post, because you just need that snippet of code to make it work.  We definitely want to make the page an easy reference when your stuck to quickly look up the right code sequence and syntax, and you just want to know how to do that…

And with that…we’re off…

We can’t pass data to another page until we have some data.  The way we  input data in web pages is with forms.  Forms are created with html, more easily created with html then styled in CSS, but that’s another article.

Forms are created with the <form> tag, and of course, the form ends with a </form> tag.  Form is a block element.  Any submitting elements between these two tags are processed as being part of the form.

Let’s create a form with some input elements as an example of proper html syntax:

First Name







Notes




Select an Option

Ford
Chevy
BMW




Pre School Checklist:
Pencil:

Notebook:

Textbook:

Pack:




Pick your Poison:
 Cauleflour 
 Brussel Sprouts 
 Black Beans 

The above code yields a form that looks like the image below in your browser (click to enlarge image).

You fill in the form on the web page, click the, “Click me when the form is filled out!” button, and the data you entered into the form is sent to the file “../controllers/example_controller.php” which you specified in the action parameter in the opening form tag.

Some notes on the form itself, I included a hidden field not displayed in your browser window.  Now don’t get excited about secret codes, or something evil you could pass in to the site, because this is not secure.  All you have to do is View->PageSource in your browser, and you can see the “hidden field” value. It is not used a lot because of this, but it can be used if you want to pass some data to another page when the form is submitted that would not be normally obvious to a user.

You’ll notice that each type of input has a “name” tag. The “name” tag is important, it’s how you identify the the data that is coming to the next page.  For example, the name of the first input box is “firstname,” when I get to the next page, I’m going to ask for “firsname” when I want the contents of that input, Which brings us to the topic at hand, passing data to another page.

We can pass form data to the, “../controllers/example_controller.php” file in one of two ways either “Get,” or “Post.”  The method we use to send the data is a parameter in the initial form tag, like so, method = “post,” or method=”get”  We’ll cover this in our next article.  For now, in our initial web page we have collected the data, when the user clicks on the submit button, we pass the data to another page or file.  And we’ll talk about what the receiver file has to do to catch the data in our next article.

Last post we talked about how we normally get data into a system with a form. The user enters his information into the form and clicks the submit button. The browser then sends the data to the server.

Back at the server, php sets aside some memory, the server stores the information in that memory location, and calls the next page. That page is what the developer specified in the form command.

Here’s the form again:

In this case, the action parameter tells the server what file to go to next, controller.php.

The more interesting questions are how the browser passes the information to the server, and how the controller.php file gets that information out of memory. Those questions are answered by the method parameter in the form tag, in this case, GET. Get is one of the two methods you can use to get data from the browser to your program file.

The GET method tells the browser to package the site and form data as part of the URL sent to the server calling the next page. For example, if we go to the W3C site at http://www.w3.org/ , and in the Google search box on the right side type, “CSS,” click the magnifying glass, and look at the URL at the top of the page.

You’ll see: “http://www.google.com/search?q=site:w3.org&q=css&search-submit=” The browser packaged the site “w3.org”, the variable data, “css,” and the variable, “search,” into the URL after the “?”

Now, to get this information into the controller.php file with use the php $_GET method.

And here’s how you get the data into the controller.php file:

$searchinfo = $_GET['searchit'];

Notice how the name parameter of the input tag, searchit, is the name of the variable we use to GET the information back out of memory.

if we echo the variable we just created, $searchinfo ,

echo "The search word is: ". $searchinfo;

The answer we get is:

The search word is: css

We’ve passed the data from the form input page to the controller.php page.

Now some thoughts. The best place to use get is with queries, as shown above, not when your passing sensitive information, like your social security number. Why? For obvious reasons, all your information is in the URL for anybody to see. GET is not secure, but for a search box, it’s fast and easy.

Another thing, the URL has a maximum size. Surprising it is mostly set by the browser you use, Internet Explorer is 2048 characters, Firefox is 65,536, Safari is 80,000 and Opera in 190,000. Nothing to really worry about, but its best to keep the “Get” method to short queries back to the server. Get gets a bad rap for messing up the URL line, and putting the data out there for everyone to see. It’s not used that much, except for search queries, mostly form data is posted, which we’ll talk about next.

In my last post, we covered the GET method, get is one of two methods used to get information from the client’s browser to the server, the other method being “POST.” You’ll find that “post,” by a wide margin, is the method used by developers, over the less secure, “get.”

The post method is used when you have a large amount of data in your form, and when you want to be more secure with the data, and not have it so visible, as with the “get” method.

Let’s have a little fun and review forms a bit, we’ll start with a form the developer might put on a page for the user to fill out in his browser window. Here’s the body of the html with the form.

Tell Us about Yourself


First Name: 


Last Name: 


 My favorite ice cream flavors are (pick all that you like): 
French Vanilla
Chocolate
Black Rasberry
Vanilla Fudge
Strawberry
Cookie Dough
Coffee

What is your favorite pet?
Dogs
Cats
Horses
Parrots
Snakes
I don't like pets

What is the make of the current car you drive:


Buick
Ford
Chevy
Dodge
Pontiac
Toyota
BMW
Mercedes Benz
Other


Tell us about your favoite hobby and why you like it: 

And here is what the form will look like in the browser. I’ve filled in some example data in the form in the browser window for us to use in the next file. In this case the form action will send the form information to “formctrl.php” which we’ll will use to echo out the data.

Here is the php code, minus the php tags, we’ll use to retrieve the data in the “formctrl.php” file, and then, in this case, echo out the data to the screen. Notice that the syntax to retrieve the data is the same as we used for “get,” except we substitute the word, “post,” instead. The data variable in the post portion comes from the “name” tag in the form for each input method.

In the case of asking for ice cream flavors, we selected more than one choice, so we created an array by putting an [] after the name in he checkbox, called, “checkit[]” To retrieve the data from the array, we initialized an array variable in the next file, “$checked,” and then use a foreach loop, and go through the array one choice at a time to retrieve the choices.

$fname   = $_POST['fname'];                  // First Name
$lname   = $_POST['lname'];                  // Last Name
$checked = array();
$checked  = $_POST['checkit'];              // Ice Flavors
$radsel   = $_POST['radioselect'];           // Favorite Pet
$dropcar   = $_POST['dropdowncar'];      // Car
$note   = $_POST['notes'];                    // Comments

echo "And now let's check the data from the form.";
echo "";
echo "";
echo "Hello, Mr. ". $lname . ",";
echo "";
echo "Or can we call you, ". $fname ."," ;
echo "";
echo "What are some of your favorite ice cream flavors?";
echo ""; 

foreach ($checked as $ic ){
   echo "I like ". $ic ."";
   }

echo "";
echo "And what is your favorite kind of pet? ". $radsel .".";
echo "";
echo "";
echo "Thanks ". $fname.",";
echo "";
echo "Can you give me a ride?  ";
echo "What kind of car do you drive?";
echo "";
echo "Yes, a ".$dropcar .".";
echo "";
echo "Any thing more you'd like to say?: " . $note  ;
echo "";
echo "OK, What ever you say, Let's go! ";

And here is what the output of the above file will look like in the browser window.

I think from the above example you can see why “post” is the most popular method used with forms, the user’s data remains hidden until you specifically get the data in the next file.

We’ve covered passing the user’s information from his browser to a file on the server. We’ll next move on to keeping information about an individual user separate from another user, and retrieving it later.

Cookies, cookies, cookies, we’ve heard about cookies now for many years, the perenial red herring, used like the threat of a nuclear bomb, to strike fear in the hearts of all who used a personal computer to surf the Internet, maybe not quite that forceful, but never in a favorable light. Cookies were started by Lou Montulli of Netscape in 1994, and they were first used by Netscape to see if a visitor had previously been to their site. Besides the Netscape browser, they were next supported in release 2 of Internet Explorer. Every browser since then has supported cookies. The general public first became aware of cookies early in 1996, and has been suspicious of them ever since then.

Cookies are bits of text information stored on your computer from a site you have visited on the Internet. They are stored in a different folder on your computer depending on what browser you are using, and if you surf the Internet a lot, you can amass quite a few of them. If cookies have such a bad reputation, one has to ask, why do all browsers support cookies?

Cookies offer web site owners and you several advantages. When your browser stores bits of text information from a web page on your computer, it allows the web site to know what page you’ve visited, and choices you’ve made on that page. For example, cookies can keep track what items you have selected in a shopping cart, and keep the list for you, even if don’t return to the site for a couple of weeks or even years, if the cookie is still on your computer. Another example is saving your login information so you don’t have to login every time you return to the site. If you have ever returned to a site, and gotten a “Welcome back, Frank” type of message, you can thank cookies.

For marketing cookies can be used to see what pages you have visited on a web site, the domain or page URL can be stored as you visit every page. Thus was born the often dreaded “DoubleClick” cookie, which can track your Internet usage from one site to the next site and gather a history of your web usage. Some consider this malware, adware, or spyware, whatever you want to call it, and they use programs to remove all the cookies on their computer to “protect” their PC.

And there lies some of the problems with using cookies to retain data. Although cookies are specifically linked to the user, his computer, and his particular browser, they are still, by many, considered to be malware, because they can pass your personal web usage history to marketing organizations, even though, it may seem anomynous, it’s still your history being passed. Cookies are not secure from others, which reminds me to warn you against putting any sensitive user information in cookies. They can be viewed by others.

Users delete cookies with cleaning and malware programs, or by disabling cookies in their browser, because of this, as a way to save information beyond the current session, cookies are unreliable for storing information, and inconsistent in storing information from one user to the next. Besides for marketing reasons, cookies are mainly used to retain user information on a current session. Instead, most websites require a user to log in, and by doing this, the user’s information is retained on the server, instead of on the user’s computer, a safer and quicker way to retain information from one web page to the next, especially for ecommerce.

Nevertheless, cookies can be useful, in retaining information about the user that is non-personal, like your favorite color, or the language you speak, and they can retain this information for a fairly long period of time, thus, they are still in use some 15 years later. Are purpose is to show how to use cookies to store information, which we’ll address in are very next post.