
PHP Form Handling

By SamK

In this tutorial, you'll learn how to handle HTML form submission data in PHP.

In PHP, there are two methods to retrieve form submission data.

  1. GET method (via the $_GET variable)
  2. POST method (via the $_POST variable)

HTML Form (form.html)

Here is a basic HTML form (using the GET method) containing two input fields and a submit button:

<html>
<body>
    <form action="submit.php" method="GET">
        <label for="username">Username:</label>
        <input type="text" id="username" name="username" placeholder="Enter your username"><br>

        <label for="useremail">E-mail:</label>
        <input type="email" id="useremail" name="useremail" placeholder="Enter your email"><br>

        <input type="submit" value="Send">
    </form>
</body>
</html>

When the user clicks the submit button, the form data is transmitted for processing to a PHP file called submit.php, which is specified in the action attribute of the <form> element.

PHP Script for Form Handling (submit.php)

<html>
<body>

Welcome <?php echo $_GET["username"]; ?><br>
Your email address is: <?php echo $_GET["useremail"]; ?>

</body>
</html>

You can achieve the same result by using the HTTP POST method instead:

<html>
<body>
    <form action="submit_post.php" method="POST">
        <label for="username">Username:</label><br>
        <input type="text" id="username" name="username" placeholder="Enter your username"><br>

        <label for="useremail">E-mail:</label>
        <input type="email" id="useremail" name="useremail" placeholder="Enter your email"><br>

        <input type="submit" value="Submit">
    </form>
</body>
</html>

submit_post.php for POST:

<html>
<body>

Welcome <?php echo $_POST["username"]; ?><br>
Your email address is: <?php echo $_POST["useremail"]; ?>

</body>
</html>

The code provided is straightforward but lacks any form of validation.

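It's essential to validate form data to safeguard your script against malicious input. For example, pass each input through the htmlspecialchars() function before echoing it, so that characters such as < and > are converted to HTML entities and any submitted markup is displayed as text instead of being interpreted by the browser: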

<html>
<body>

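<?php // Escape on output; ?? "" avoids a warning when a field is missing from the request. ?>
Welcome <?php echo htmlspecialchars($_POST["username"] ?? "", ENT_QUOTES, "UTF-8"); ?><br>
Your email address is: <?php echo htmlspecialchars($_POST["useremail"] ?? "", ENT_QUOTES, "UTF-8"); ?>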

</body>
</html>

GET vs. POST

Both the $_GET and $_POST superglobals in PHP are associative arrays, like:

array( key1 => value1, key2 => value2, key3 => value3, ...)

Where the keys correspond to the names of the form controls (e.g., input fields), and the values represent the user input.

Key Differences:

$_GET: This array contains variables passed to the current script via URL parameters (i.e., the query string). It is commonly used when data is appended to the URL, such as in form submissions with the GET method.

$_POST: This array contains variables passed to the current script through the HTTP POST method, typically used in form submissions where data is sent in the body of the request, keeping it hidden from the URL.

Both $_GET and $_POST are superglobals in PHP, meaning they are accessible from any scope, including within functions, classes, or other files, without any need for special preparation or passing them explicitly.

When to Use GET

Information submitted via a form using the GET method is visible to anyone, as all variable names and values are included in the URL. This makes GET less secure, as sensitive data such as passwords can be exposed in the browser history or server logs. Additionally, GET has a limitation on the amount of data that can be sent, typically around 2000 characters, depending on the browser and server.

Since the data is embedded in the URL, it allows the page to be easily bookmarked or shared, which can be beneficial in cases where users may want to revisit or share the same search or filter results.

GET is best suited for transmitting non-sensitive information or data that doesn't pose a security risk, such as search queries, filters, or navigation data.

Important: GET should NEVER be used for sending sensitive information, such as passwords or personal details, as this data is visible in the URL and can be easily intercepted.

When to Use POST

Information submitted through a form using the POST method is not visible in the address bar, as all variable names and values are carried in the body of the HTTP request rather than the URL. The body is still transmitted in clear text unless the site is served over HTTPS. Unlike GET, POST does not have a limit on the amount of data that can be sent, making it suitable for large amounts of data.

Additionally, POST supports advanced capabilities, such as handling multipart binary data, which is essential when uploading files to a server.

However, because the data is not visible in the URL, the page cannot be bookmarked, and the form data is not stored in the browser's history. This makes POST ideal for submitting sensitive information, like passwords, where privacy is a priority.
