Signup/Sign In

PHP Form Handling

When we develop a website or a web application, we often have to create forms to take input from users, like a Login form or a Registration form.

Creating a form on the webpage is accomplished using HTML, while PHP serves as a transport for those values from the webpage to the server and then in further processing those values.

PHP provides two superglobals $_GET and $_POST for collecting form-data for processing.


Understanding How HTML Form Works

Let's create a simple HTML form and try to understand how it works, what are the different attributes available in the <form> tag and what are they used for.

<html>
    <body>

        <form action="form-handler.php" method="POST">
            Name: <input type="text" name="name"> <br/>
            Email: <input type="text" name="email"> <br/>
            <input type="submit">
        </form>

    </body>
</html>

In the code above, we have used the <form> tag to create an HTML form, with input fields for Name and Email along with submit button to submit the form-data.

In the <form> tag, we have two attributes, action and method, do you know what they are for?

  1. action: Using this attribute, we can specify the name of the file which will collect and handle the form-data. In the example above, we have provided name of a Php file.
  2. method: This attribute specify the means of sending the form-data, whether it will be submitted via POST method or GET method.

Below we have the same form with method as GET,

<html>
    <body>

        <form action="form-handler.php" method="GET">
            Name: <input type="text" name="name"> <br/>
            Email: <input type="text" name="email"> <br/>
            <input type="submit">
        </form>

    </body>
</html>

PHP Form Handling with POST

If we specify the form method to be POST, then the form-data is sent to the server using the HTTP POST method.

Below, we have the code, to access the form-data in the Php file specified in the action attribute of our HTML form.

<?php

// getting the value of name field
$name = $_POST["name"];
// getting the value of the email field
$email = $_POST["email"];

echo "Hi, ". $name . "<br>";
echo "Your email address: ". $email ."<br>";

?>

Hi, Studytonight Your email address: we@studytonight.com

You will get the above output, if you provide name as "Studytonight" and email address as "we@studytonight.com".


PHP Form Handling with GET

If we specify the form method to be GET, then the form-data is sent to the server using the HTTP GET method.

Below, we have the code, to access the form-data in the Php file specified in the action attribute of our HTML form, this time using the GET superglobal.

<?php

// getting the value of name field
$name = $_GET["name"];
// getting the value of the email field
$email = $_GET["email"];

echo "Hi, ". $name . "<br>";
echo "Your email address: ". $email ."<br>";

?>

Hi, Studytonight Your email address: we@studytonight.com

Again, the output remains the same.

The first step to process the form-data is to fetch the data using POST or GET superglobals, once you have the data, you can do anything with it, display it on your webpage, save the data into database, perform validations etc.

PHP form data handling


GET vs. POST: When to use What!

Now, you must be wondering, which one should we use. Well, both GET and POST are used for the same purpose but they work differently.

When a user submits a form, the values from the input fields are stored in an array, like array(key1=>value1, key2=>value2,...) and then passed on to the destination(Php file) specified in the action attribute of the <form> tag.


Using GET method

In case of GET method, form-data is submitted as URL parameters, i.e. all the values entered in the form fields by the user are sent to the action script, appended in the URL.

Let's take a simple example to understand, below we have a simple HTML form,

<html>
    <body>

        <form action="form-handler.php" method="GET">
            Name: <input type="text" name="name"> <br/>
            Age: <input type="text" name="age"> <br/>
            <input type="submit">
        </form>

    </body>
</html>

We have two input fields in above form, one is name and the other one is age. When we click on submit, we will be redicrected to the following URL, form-handler.php?name=Studytonight&age=5, with the form-data appended to the URL.

Sending the form-data as URL parameters proves out useful at times as you can easily bookmark links with form-data, but for appending parameters in a URL there is a limit of 2000 characters, hence for forms with large number of fields, it is not suggested, as some data might get lost or the form submission may lead to error.

The Php file form-handler.php will look like,

<?php

// name attribute of the input field goes inside the 
// square brackets of $_GET superglobal
$name = $_GET["name"];
$age = $_GET["age"];

echo "Your name is ". $name . " and you are ". $age . " years old".

?>

Your name is Studytonight and you are 5 years old

As the form-data is visible to everyone because it sent as URL parameters, hence we should not use GET method for a form with sensitive data, like passwords etc.


Using POST method

When we use the POST method, the array of key-value pair(the form-data), coming from the HTML form are sent as part of the HTTP request, hence they are invisible to the user.

Also, there is no character limit for the information/data being transmitted.

POST method also supports multipart form-data upload which is used for file upload.

We would recommend, that you use the POST method while working on any PHP web application/project.

Let's take a simple example to understand, below we have a simple HTML form,

<html>
    <body>

        <form action="form-handler.php" method="POST">
            Name: <input type="text" name="name"> <br/>
            Age: <input type="text" name="age"> <br/>
            <input type="submit">
        </form>

    </body>
</html>

The Php file form-handler.php will look like,

<?php

// name attribute of the input field goes inside the 
// square brackets of $_POST superglobal
$name = $_POST["name"];
$age = $_POST["age"];

echo "Your name is ". $name . " and you are ". $age . " years old".

?>

Your name is Studytonight and you are 5 years old