WEB DEVELOPER SITE
HTMLCSSJAVASCRIPTSQLPHPBOOTSTRAPJQUERYANGULARXML
 

PHP 5 Form Handling


The PHP superglobals $_GET and $_POST are used to collect form-data.


PHP - A Simple HTML Form

The example below displays a simple HTML form with two input fields and a submit button:

Example

<html>
<body>

<form action="login.php" method="post">
Name: <input type="text" name="name"><br>
Pass: <input type="text" name="pass"><br>
<input type="submit">
</form>

</body>
</html>

When the user fills out the form above and clicks the submit button, the form data is sent for processing to a PHP file named "login.php". The form data is sent with the HTTP POST method.

To display the submitted data you could simply echo all the variables. The "login.php" looks like this:

<html>
<body>

Welcome <?php echo $_POST["name"]; ?><br>
Your pass address is: <?php echo $_POST["pass"]; ?>

</body>
</html>

The output could be something like this:

Welcome John
Your pass address is sdawe324#1

The same result could also be achieved using the HTTP GET method:

Example

<html>
<body>

<form action="welcome_get.php" method="get">
Name: <input type="text" name="name"><br>
Pass: <input type="text" name="pass"><br>
<input type="submit">
</form>

</body>
</html>

and "welcome_get.php" looks like this:

<html>
<body>

Welcome <?php echo $_GET["name"]; ?><br>
Your pass address is: <?php echo $_GET["pass"]; ?>

</body>
</html>

The code above is quite simple. However, the most important thing is missing. You need to validate form data to protect your script from malicious code.


GET vs. POST

Both GET and POST create an array (e.g. array( key => value, key2 => value2, key3 => value3, ...)). This array holds key/value pairs, where keys are the names of the form controls and values are the input data from the user.

Both GET and POST are treated as $_GET and $_POST. These are superglobals, which means that they are always accessible, regardless of scope - and you can access them from any function, class or file without having to do anything special.

$_GET is an array of variables passed to the current script via the URL parameters.

$_POST is an array of variables passed to the current script via the HTTP POST method.


When to use GET?

Information sent via a form using the GET method is visible to everyone (all variable names and values are displayed in the URL). GET also sets limits on the amount of information that can be sent - about 2000 characters.

because the variables are displayed in the URL, it is possible to bookmark the page, which can be useful in some situations.

GET should NEVER be used for sending passwords or other sensitive information! When using POST or GET, proper validation of form data through filtering and processing is vitally important to protect your form from hackers and exploits!

When to use POST?

The two methods for submitting forms are GET and POST.

Information sent from a form via the POST method is invisible to others, since all names and/or values are embedded within the body of the HTTP request. Also, there are no limits on the amount of information to be sent.

POST is the preferred method for sending form data.