I am hoping to create an online form for data collection. I have done this before using HTML and PHP. My first project was a simple online test of 100 multiple choice questions and it worked very well.
My new form is a little more complex in that there are to be other input types. My first project only had check boxes for A,B,C and D answers. The new form will have text input and drop down boxes. The responses will initially be emailed to me but might eventually be added to a database.
Is PHP the best choice for this sort of project? I know that I could use a provider such as Google forms (or a paid provider) but I want to do this myself.
Only if it's your favorite platform and you're conscientious about following best practices to guard against attack vectors such as SQL injection and XSS.
Almost any alternative to PHP will handle those automatically.
Before I make a recommendation, I'd ask two questions: which programming language(s) do you enjoy working with, and which ones do your preferred web hosts support?
I agree that PHP is a good choice, with "best practices" being acknowledged as for any language or implementation.
As noted above, the form elements for a web based application are actually HTML elements (link is v4.01, see 5.x also), although you may generate them with PHP. You should learn how the work of generating and processing a form is divided among client (usually browser) and server (HTTP, usually apache), HTML (specification), and scripting language (PHP, Perl, Python). There can be other components such as client side scripting (javascript) and of course, the database.
If you intend to interact with a database, probably MySQL, then PHP is an excellent choice due to easy native support for MySQL.
Last edited by astrogeek; 03-05-2018 at 01:37 PM.
Reason: Changed HTML link to forms section
And, if you simply want to do some on-line data collection, there are plenty of sites out there which provide that service with no programming needed on your part at all.
The form itself can, and should, be purely XHTML + CSS with no PHP or Javascript. That will save a lot. Then on the back end, you really have your choice of Perl, Python, PHP, or even Java -- whatever you are comfortable in writing. There will be libraries you can use to track sessions and deal with forms and so on. Of the APIs I prefer FastCGI, it's up to you though.
However, I'll just add two pieces of general advice, though, since they are not yet common knowledge even after 2+ decades:
Please be absolutely sure to do two things with your data. First validate and sanitize it. That is verify that the data you receive is of the type expected, then remove or reject anything deviating from that. Second when working with your database back end, be sure to build your queries using placeholders inside separate prepare and execute statements.
Simply doing those two things will save you a world of trouble. It may save the rest of us some trouble too.
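An added example, not part of the post above, showing both pieces of advice in PHP: each field is checked against the type it is supposed to be, and the insert uses placeholders with separate prepare and execute calls. The field names, the `responses` table, the country list and the in-memory SQLite database (used so it runs without a server) are assumptions.

```php
<?php
// Added example (not from the thread). Field names, table name and the
// allowed country list are assumptions; the sample submissions are constructed.
declare(strict_types=1);
const COUNTRIES = ['NZ', 'AU', 'UK'];   // assumed drop-down options

// Step 1: validate. Returns [row, errors]; anything unexpected is rejected.
function validate_submission(array $in): array
{
    $errors = [];
    $name = trim((string)($in['name'] ?? ''));
    if (!preg_match('/^[\p{L} .\'-]{1,80}$/u', $name)) {
        $errors[] = 'name';
    }
    $age = filter_var($in['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 120]]);
    if ($age === false) {
        $errors[] = 'age';
    }
    // A drop-down is only a hint to the browser; re-check against the list.
    $country = (string)($in['country'] ?? '');
    if (!in_array($country, COUNTRIES, true)) {
        $errors[] = 'country';
    }
    return [['name' => $name, 'age' => $age, 'country' => $country], $errors];
}

// Step 2: store with placeholders; prepare and execute are separate calls.
function store_submission(PDO $db, array $row): void
{
    $stmt = $db->prepare('INSERT INTO responses (name, age, country) VALUES (:name, :age, :country)');
    $stmt->execute($row);   // values travel as data, never as SQL text
}

$db = new PDO('sqlite::memory:');   // assumption: in-memory SQLite so this runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE responses (name TEXT, age INTEGER, country TEXT)');

$samples = [   // constructed inputs
    ['name' => "O'Brien", 'age' => '42', 'country' => 'NZ'],
    ['name' => 'x', 'age' => '42; DROP TABLE responses', 'country' => 'ZZ'],
];
foreach ($samples as $in) {
    [$row, $errors] = validate_submission($in);
    if ($errors) { echo 'rejected: ', implode(', ', $errors), "\n"; continue; }
    store_submission($db, $row);
    echo "stored: {$row['name']}\n";
}
echo $db->query('SELECT COUNT(*) FROM responses')->fetchColumn(), " row(s)\n";
```

The apostrophe in the first sample name is stored intact because the placeholder, not string concatenation, carries it into the query.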
As stated, use PHP if you're comfortable with it.
Personally, when I started doing web-based application programming, I ran into some problems with PHP security that I didn't know how to solve, so I switched to perl.
I've used static form pages to feed data to a perl script that validates and loads a database.
I've also used perl to generate forms as well as perform the server-side functions, when the form is dynamic.
These days, I understand PHP to be better hardened out of the box, but I've been hacking perl for nearly 20 years now...too late for me to change
PS Excellent advice from Turbocapitalist and dugan. In particular, be sure that the script emailing to you can't be used to email to anyone else to avoid it being hijacked by spammers.
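An added example, not part of the post above, of a form mailer that cannot be pointed at other recipients: the destination is a constant, and any field that would end up in a mail header is rejected if it contains a line break. The addresses and field names are assumptions.

```php
<?php
// Added example (not from the thread). The addresses and field names are
// assumptions; the sample submissions are constructed.
declare(strict_types=1);

const FORM_RECIPIENT = 'owner@example.org';   // fixed in code, never read from the request
const FORM_SENDER    = 'webform@example.org';

// Build the message, or return null if a field could add extra headers.
function build_form_mail(array $in): ?array
{
    $reply   = (string)($in['email'] ?? '');
    $subject = (string)($in['subject'] ?? '');
    $body    = (string)($in['message'] ?? '');

    // CR or LF in a value that ends up in a header would let a submitter
    // append Bcc:/Cc: lines, which is how form mailers get used for spam.
    foreach ([$reply, $subject] as $headerValue) {
        if (preg_match('/[\r\n]/', $headerValue)) {
            return null;
        }
    }
    if (filter_var($reply, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return [
        'to'      => FORM_RECIPIENT,
        'subject' => 'Form response: ' . substr($subject, 0, 100),
        'body'    => $body,
        'headers' => ['From' => FORM_SENDER, 'Reply-To' => $reply],
    ];
}

$samples = [   // constructed inputs
    // A "to" field in the request is simply never read.
    ['email' => 'alice@example.com', 'subject' => 'Hello', 'message' => 'Hi', 'to' => 'other@example.net'],
    ['email' => "alice@example.com\r\nBcc: list@example.net", 'subject' => 'Hello', 'message' => 'x'],
    ['email' => 'alice@example.com', 'subject' => "Hi\nCc: list@example.net", 'message' => 'x'],
];
foreach ($samples as $i => $in) {
    $mail = build_form_mail($in);
    if ($mail === null) { echo "sample $i: rejected\n"; continue; }
    echo "sample $i: would send to {$mail['to']}\n";
    // On a live host: mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
}
```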
Thanks for all of your input and thoughts. I'll continue with PHP. It seems as though it will get me to where I want to be.
dugan
Quote:
Before I make a recommendation, I'd ask two questions: which programming language(s) do you enjoy working with, and which ones do your preferred web hosts support?
I don't have enough experience to draw on to say whether I enjoy PHP but it's the only language I have used. My host supports it too.
sundialsvcs
Quote:
there are plenty of sites out there which provide that service with no programming needed on your part at all
As I said in my post, I want to avoid online services. I kind of want to do this myself. Of course, I'm happy to be persuaded that an online service would be a good choice. Do you have any recommendations? Google only seemed to bring up paid services.
Turbocapitalist
Quote:
First validate and sanitize it. That is verify that the data you receive is of the type expected, then remove or reject anything deviating from that. Second when working with your database back end, be sure to build your queries using placeholders inside separate prepare and execute statements. Simply doing those two things will save you a world of trouble. It may save the rest of us some trouble too.
Absolutely. This is really good advice.
scasey
Quote:
In particular, be sure that the script emailing to you can't be used to email to anyone else to avoid it being hijacked by spammers.
This hadn't even occurred to me. Great point.
Again, thanks to all for taking the time to reply. Now I'd better get on with it!!
A few lessons I myself have learned doing exactly what you are doing
If you have not already done so, learn how to use functions in PHP, functions should be as generic and single purposed as possible, as a well written function can be used over and over again instead of re-writing the same logic every time you need it.
A simple script like yours should have at minimum 3 functions
- a main function which will then check if the form has been submitted and then invoke the form processing function if it has, then invoke the function to render the page
- a function to render the page
- a function to process the submitted form

as the script gets bigger (if it does)

the render part can be divided into at the minimum
- render header
- render body
- render footer

render body could be split into
- render messages
- render rest of page

the process part can be divided into the minimum
- sanitize input
- verify input (return error message to user if this fails)
- process data - eg
  - email data to you and/or person filling out form
  - store submission in database or write to file
if the functions are written generically enough, you can use the same sanitize/verify/process functions later on if you decide to add more forms and the only function that will differ in the rendering phase is the body rendering
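An added example, not part of the post above, of the three-function layout it describes: a main function that processes the form only when it was submitted and then renders, with every dynamic value escaped on output. The field name, markup and helper names are assumptions.

```php
<?php
// Added example (not from the thread): one page, three functions.
// Field names and markup are assumptions.
declare(strict_types=1);

function e(string $s): string   // escape for HTML output (guards against XSS)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Process a submitted form: returns [messages, values to show again].
function process_form(array $post): array
{
    $name = trim((string)($post['name'] ?? ''));
    if ($name === '' || strlen($name) > 80) {
        return [['Please enter a name of up to 80 characters.'], ['name' => $name]];
    }
    // Emailing or storing the response would happen here.
    return [['Thank you, ' . $name . '.'], ['name' => '']];
}

// Render the page; every dynamic value goes through e().
function render_page(array $messages, array $values): string
{
    $html = "<!DOCTYPE html>\n<html><body>\n";
    foreach ($messages as $m) {
        $html .= '<p class="msg">' . e($m) . "</p>\n";
    }
    $html .= '<form method="post"><input name="name" value="'
           . e($values['name'] ?? '') . '"><button>Send</button></form>' . "\n";
    return $html . "</body></html>\n";
}

// Main: process only when the form was submitted, then always render.
function main(string $method, array $post): string
{
    $messages = [];
    $values   = [];
    if ($method === 'POST') {
        [$messages, $values] = process_form($post);
    }
    return render_page($messages, $values);
}

// Under a web server: echo main($_SERVER['REQUEST_METHOD'], $_POST);
// Constructed request, run from the command line:
echo main('POST', ['name' => str_repeat('x', 81) . '"><b>bold</b>']);
```

The over-long name is rejected and shown back in the input box with its quote and angle brackets escaped, so it cannot break out of the `value` attribute.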
I built 40% of the form and then my capricious client changed direction and I was forced to start again. I considered what sundialsvcs has said:
Quote:
Originally Posted by sundialsvcs
And, if you simply want to do some on-line data collection, there are plenty of sites out there which provide that service with no programming needed on your part at all.
I hunted around for the right tool for the job and found Ninja Forms. The Wordpress integration (with add ons) gives exactly what I needed for a speedy delivery of this 8 page form.