Form Handler Script - PHP

Learn how to create a sign-up form for a website with a security image. The image prevents fake sign-ups and spam. In this tutorial, we will learn how to create a security image template, then put it to use.

TABLE OF CONTENTS:

By: Nathan Rohler

Poor Best

Rating:

/ 113

September 08, 2004

print this article

SEARCH DEV SHED

TOOLS YOU CAN USE

We are now ready to write the form handler script. We will be adding another PHP block just above the <form> tag. First of all, we connect to the MySQL database. Be sure to enter your username and password. Then, we check to see if the security_refid and security_try fields are defined. If so, we define $security_refid and $security_try based on the form values. After that, we call checkSecurityImage using the reference ID and the value the user entered. Based on the value returned, we tell the user if they entered the correct code or not.

<?php
if (isset($HTTP_POST_VARS["name"]) && isset($HTTP_POST_VARS["security_try"])) {
   //Connect to database
   mysql_connect("localhost", "username", "password");
   mysql_select_db("dw_php");
   //Set variables, and call checkSecurityImage
   $security_refid = $HTTP_POST_VARS["security_refid"];
   $security_try = $HTTP_POST_VARS["security_try"];
   $checkSecurity = checkSecurityImage($security_refid, $security_try);
   //Depending on result, tell user entered value was correct or incorrect
   if ($checkSecurity) {
      $validnot = "correct";
   } else {
      $validnot = "incorrect";
   }
   //Write output
   echo("<b>You entered this as the security text:</b><br>\n
   ".$security_try."<br>\n
   This is ".$validnot.".<br>\n
   -------------------------------<br><br>\n
   ");
}
?>

The complete code listing for signupdemo.php should now look like this:

<?php
//Define function to insert security image
function insertSecurityImage($inputname) {
   $refid = md5(mktime()*rand());
   $insertstr = "<img src=\"securityimage.php?refid=".$refid."\" alt=\"Security Image\">\n
   <input type=\"hidden\" name=\"".$inputname."\" value=\"".$refid."\">";
   echo($insertstr);
}

//Define function to check security image confirmation
function checkSecurityImage($referenceid, $enteredvalue) {
   $referenceid = mysql_escape_string($referenceid);
   $enteredvalue = mysql_escape_string($enteredvalue);
   $tempQuery = mysql_query("SELECT ID FROM security_images WHERE
   referenceid='".$referenceid."' AND hiddentext='".$enteredvalue."'");
   if (mysql_num_rows($tempQuery)!=0) {
      return true;
   } else {
      return false;
   }
}
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Signup Demo</title>
</head>
<body>

<form name="signupform" method="post" action="<?=$_SERVER["PHP_SELF"]?>">
Please sign up for our website:
<br>
<br>
Name:
<input name="name" type="text" id="name">
<br>
<? insertSecurityImage("security_refid") ?>
<br>
Enter what you see:
<input name="security_try" type="text" id="security_try" size="20" maxlength="10">
(can't see? try reloading page)
<br>
<br>
<input type="submit" name="Submit" value="Signup!">

</body>
</html>

Preview signupdemo.php in a browser. You should see something like this:

Security Images in PHP

If you enter the text correctly, you should see something like this:

Security Images in PHP

Note: if you receive a MySQL error, ensure that you replaced "username" and "password" with the real values.

Summary and Conclusion

In this article we have learned how to use the GD Graphics Library, creating an easy solution to prevent computers from behaving like humans. We also wrote basic functions, allowing us to reuse the Security Image file in other applications.

Until next time, happy coding :-)