PHP vs other for online form

esteeven · 03-05-2018, 01:04 PM

I am hoping to create an online form for data collection. I have done this before using HTML and PHP. My first project was a simple online test of 100 multiple choice questions and it worked very well.

My new form is a little more complex in that there are to be other input types. My first project only had check boxes for A,B,C and D answers. The new form will have text input and drop down boxes. The responses will initially be emailed to me but might eventually be added to a database.

Is PHP the best choice for this sort of project? I know that I could use a provider such as Google forms (or a paid provider) but I want to do this myself.

Thanks in advance.

dugan · 03-05-2018, 01:18 PM

Quote:

Is PHP the best choice for this sort of project?

Only if it's your favorite platform and you're conscientous about following best practices to guard against attack vectors such as SQL injection and XSS.

Almost any alternative to PHP will handle those automatically.

Before I make a recommendation, I'd ask two questions: which programming language(s) do you enjoy working with, and which ones do your preferred web hosts support?

NevemTeve · 03-05-2018, 01:23 PM

Well, PHP doesn't do anything for GUI, it only generates HTML+JavaScript. HTML+JavaScript, on the other hand, is quite suitable for your purposes.

astrogeek · 03-05-2018, 01:34 PM

I agree that PHP is a good choice, with "best practices" being acknowledged as for any language or implementation.

As noted above, the form elements for a web based application are actually HTML elements (link is v4.01, see 5.x also), although you may generate them with PHP. You should learn how the work of generating and processing a form is divided among client (usually browser) and server (HTTP, usually apache), HTML (specification), and scripting language (PHP, Perl, Python). There can be other components such as client side scripting (javascript) and of course, the database.

If you intend to interact with a database, probably MySQL, then PHP is an excellent choice due to easy native support for MySQL.

sundialsvcs · 03-05-2018, 01:57 PM

And, if you simply want to do some on-line data collection, there are plenty of sites out there which provide that service with no programming needed on your part at all.

Turbocapitalist · 03-05-2018, 02:00 PM

The form itself can, and should, be purely XHTML + CSS with no PHP or Javascript. That will save a lot. Then on the back end, you really have you choice of Perl, Python, PHP, or even Java -- whatever you are comfortable in writing. There will be libraries you can use to track sessions and deal with forms and so on. Of the APIs I prefer FastCGI, it's up to you though.

However, I'll just add two pieces of general advice, though, since they are not yet common knowledge even after 2+ decades:

Please be absolutely sure to do two things with your data. First validate and sanitize it. That is verify that the data you receive is of the type expected, then remove or reject anything deviating from that. Second when working with your database back end, be sure to build your queries using placeholders inside separate prepare and execute statments.

Simply doing those two things will save you a world of trouble. It may save the rest of us some trouble too.

scasey · 03-05-2018, 05:36 PM

As stated, use PHP if you're comfortable with it.
Personally, when I started doing web-based application programming, I ran into some problems with PHP security that I didn't know how to solve, so I switched to perl.

I've used static form pages to feed data to a perl script that validates and loads a database.

I've also used perl to generate forms as well as perform the server-side functions, when the form is dynamic.

These days, I understand PHP to be better hardened out of the box, but I've been hacking perl for nearly 20 years now...too late for me to change

PS Excellent advice from Turbocapitalist and dugan. In particular, be sure that the script emailing to you can't be used to email to anyone else to avoid it being hijacked by spammers.

esteeven · 03-06-2018, 09:25 AM

Thanks for all of your input and thoughts. I'll continue with PHP. It seems as though it will get me to where I want to be.

dugan

Quote:

Before I make a recommendation, I'd ask two questions: which programming language(s) do you enjoy working with, and which ones do your preferred web hosts support?

I don't have enough experience to draw on to say whether I enjoy PHP but it's the only language I have used

My host supports it too.

sundialsvcs

Quote:

there are plenty of sites out there which provide that service with no programming needed on your part at all

As I said in my post, I want to avoid online services. I kind of want to do this myself. Of course, I'm happy to be persuaded that an online service would be a good choice. Do you have any recommendations? Google only seemed to bring up paid services.

Turbocapitalist

Quote:

First validate and sanitize it. That is verify that the data you receive is of the type expected, then remove or reject anything deviating from that. Second when working with your database back end, be sure to build your queries using placeholders inside separate prepare and execute statements. Simply doing those two things will save you a world of trouble. It may save the rest of us some trouble too.

Absolutely. This is really good advice.

scasey

Quote:

In particular, be sure that the script emailing to you can't be used to email to anyone else to avoid it being hijacked by spammers.

This hadn't even occurred to me. Great point.

Again, thanks to all for taking the time to reply. Now I'd better get on with it!!

frieza · 03-06-2018, 10:53 AM

A few lessons I myself have learned doing exactly what you are doing

If you have not already done so, learn how to use functions in PHP, functions should be as generic and single purposed as possible, as a well written function can be used over and over again instead of re-writing the same logic every time you need it.

A simple script like yours should have at minimum 3 functions

a main function which will then check if the form has been submitted and then invoke the form processing function if it has, then invoke the function to render the page
a function to render the page
a function to process the submitted form

as the script gets bigger (if it does)
the render part can be divided into at the minimum
render header
render body
render footer

render body could be split into
render messages
render rest of page

the process part can be divided into the minimum
sanitize input
verify input (return error message to user if this fails)
process data - eg
email data to you and/or person filling out form
store submission in database or write to file

if the functions are written generically enough, you can use the same sanitize/verify/process functions later on if you decide to add more forms and the only function that will differ in the rendering phase is the body rendering

hope this helps

esteeven · 03-07-2018, 09:47 AM

Thanks frieza - that's really useful to know.

esteeven · 05-02-2018, 02:18 AM

Update for future reference.

I built 40% of the form and then my capricious client changed direction and I was forced to start again. I considered what sundialscvs has said:

Quote:

Originally Posted by sundialsvcs

And, if you simply want to do some on-line data collection, there are plenty of sites out there which provide that service with no programming needed on your part at all.

I hunted around for the right tool for the job and found Ninja Forms. The Wordpress integration (with add ons) gives exactly what I needed for a speedy delivery of this 8 page form.

Yay!

Thanks for looking.