|
We've been talking about input forms (html elements), and then php scripts to process a submitted form:
<!-- inside form.php (or, form.html) --> <form submit='submit.php' action="post"> Login: <input type='text' name='userid' /> <br /> Remember me?: <input type='checkbox' name='remember' value='yep' /> … </form> |
<!-- inside submit.php --> <?php echo "Hey there ", $_POST['userid']; if (array_has_index('remember',$_POST)) { echo "How could I ever forget?"; // $_POST['remember'] = 'yep' } ?> |
Our functions have test cases, and this helps gives us confidence before we ever deploy to the web. But what about form-handlers? The result from form-handler is a long page that includes various bits from the form. It's too tedious to make this a check/expect sort of test, since the details of the html part of the output aren't relevant (and might change). Moreover, generating the page requires the POST data, that were entered by hand back in the form. But we would like to be able to check that the form-handler without going through the web, and also eyeball-check the result on certain inputs w/o having to continually re-type the inputs and call up the form.
The php server, when it gets a request for a file foo.php, chooses to run foo.php (and serve back whatever that file printed). If the server sees that the http-request-packet included form info, then before it (creates and) runs the following php program instead: it runs the php
<?php $_POST["quest"] = "more pizza"; // Assign the key/value pairs that $_POST["is-happy"] = "yep"; // were in the http-request-packet. // etc require_once('foo.php'); ?> |
We can use the same trick Apache does! We will write the following programs, to test our form-handler:
<?php // ~~~~ this is the file: form-handle-test2.php ~~~~ $_POST["quest"] = "more pizza"; $_POST["is-happy"] = "yep"; // etc require_once('foo.php'); ?> |
<?php // ~~~~ this is the file: form-handle-test0.php ~~~~ // $_POST is empty require_once('foo.php'); ?> |
<?php // ~~~~ this is the file: form-handle-test1.php ~~~~ $_POST["quest"] = "this is something very very long that soembody might type in"; // etc require_once('foo.php'); ?> |
<?php // ~~~~ this is the file: form-handle-test3.php ~~~~ $_POST["quest"] = "this is something very very long that soembody might type in"; $_POST["is-happy"] = "here is an input that might come from a malicious attacker who bypassed the form and is trying to overflow an internal string buffer by providing a very very long input."; // etc require_once('foo.php'); ?> |
Reasons why testing like this is good/handy:
in addition to running such programs entirely separate from web, a web-firm would also want to auto-test their pages w/o needing to go to the URL from a browser "manually". So, you'd run `curl`, which is a *program* that can request URLs (including headers and form-data). That way you can fully automate your test suite: make `curl` requests with different form data, and then have a program that examines the resulting html to make sure certain things do/don't appear in it.]
Examples:
Here are php programs which simply initialize
Awesome sauce: We can run these handler-tests locally, or over the web. The former is useful when the latter isn't showing up as expected.Although we use these to manually test our handler, they are not unit tests (they're not automated). Admittedly, the filename topic-handle-sample-input-N.php might be better a more descriptive name than just topic-handle-test-N.php, but we'll concede to a shorter, more convenient name.
This page licensed CC-BY 4.0 Ian Barland Page last generated | Please mail any suggestions (incl. typos, broken links) to ibarlandradford.edu |