User Input

Three techniques can be used to pass data that drives the querying process in a web database application:

  • Manual entry of a URL to retrieve a PHP script resource and provide parameters to the resource. For example, a user may open a URL using the Open Page option in the File menu of the Netscape web browser.

  • Data entry through HTML <form> environments. For example, a <form> environment can capture textual input, and the user can also provide input by selecting radio buttons, selecting one or more items from a drop-down select list, clicking on buttons, and using other data entry widgets.

  • Embedded hypertext links that can be clicked to retrieve a PHP script resource and provide parameters to the script.

Using an HTML <form> and clicking on hypertext links are the most common techniques for providing user input for querying in web database applications.

In practice, user data or parameters are passed from a web browser to a web server using HTTP; tutorial 1 contains an introduction to HTTP and more details can be found in Appendix B. Using HTTP, data is passed with one of two methods, GET or POST. In the GET method, data is passed as part of the requested URL; the GET method gets a resource with the parameters modifying how the resource is retrieved. In the POST method, the data is encoded separately from the URL and forms part of the body of the HTTP request; the POST method is used when data is to be posted or stored on the server. The HTML <form> environment can specify either the GET or POST method, while an embedded link or a manually entered URL with parameters always uses the GET method.

In this section, we discuss how to:

  • Pass parameters from a web browser to a PHP script. You will see how HTTP requests can include user data by creating URLs, developing HTML <form> environments, and embedding links in HTML documents.

  • Process user data so that it poses a minimal security threat to the web server or the DBMS.

Section 5.2 introduces techniques to execute queries that include user input and to present the results.
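
The two ways of carrying data described above, as an added example that is not part of the original text: it parses a constructed GET request and a constructed POST request carrying the same parameter, then applies an allowlist check to the value before it would be used. The script name search.php, the parameter regionName, and the validation rule are assumptions made for the illustration.

```php
<?php
// Added example. search.php and regionName are hypothetical names, and the
// requests below are constructed samples carrying the same parameter.
$getRequest  = "GET /search.php?regionName=Riverland HTTP/1.1\r\n"
             . "Host: localhost\r\n\r\n";
$postRequest = "POST /search.php HTTP/1.1\r\n"
             . "Host: localhost\r\n"
             . "Content-Type: application/x-www-form-urlencoded\r\n"
             . "Content-Length: 20\r\n\r\n"
             . "regionName=Riverland";
// Constructed GET request whose value decodes to River'land (%27 is a quote).
$oddRequest  = "GET /search.php?regionName=River%27land HTTP/1.1\r\n"
             . "Host: localhost\r\n\r\n";

// Extract the parameters a raw HTTP request carries, whichever method it uses.
function requestParameters(string $raw): array
{
    // An empty line separates the request line and headers from the body.
    $parts = explode("\r\n\r\n", $raw, 2);
    $body  = $parts[1] ?? '';
    // Request line: METHOD, request target, protocol version.
    $requestLine = explode(' ', explode("\r\n", $parts[0])[0], 3);
    $method = $requestLine[0];
    $target = $requestLine[1] ?? '';
    $encoded = ($method === 'POST')
        ? $body                                        // POST: data is in the body
        : (string) parse_url($target, PHP_URL_QUERY);  // GET: data is in the URL
    parse_str($encoded, $params);                      // URL-decodes names and values
    return $params;
}

// Allowlist check: accept only a string of 1 to 30 letters, spaces or hyphens.
function cleanRegionName(array $params): ?string
{
    $value = $params['regionName'] ?? null;
    // parse_str() yields an array for names like regionName[], so test the type.
    if (!is_string($value) || !preg_match('/\A[A-Za-z -]{1,30}\z/', $value)) {
        return null;
    }
    return $value;
}

foreach ([$getRequest, $postRequest, $oddRequest] as $raw) {
    var_dump(cleanRegionName(requestParameters($raw)));
}
```

Both methods deliver the same URL-encoded name=value pair, so the same check applies whether the value arrived in the URL or in the request body.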