PHP Form Handling


The PHP superglobals $_GET and $_POST are used to collect form data.


PHP - A Simple HTML Form

The example below shows a simple HTML form with two input fields and a submit button:


Example
<html>
<body>

<form action="welcome.php" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>

</body>
</html>

When the user completes the form above and clicks the submit button, the form data is sent for processing to a PHP file called "welcome.php". Form data is sent via HTTP POST.

To display the submitted data, you can simply echo all the variables. "welcome.php" looks like this:


<html>
<body>

Welcome <?php echo $_POST["name"]; ?><br>
Your email address is: <?php echo $_POST["email"]; ?>

</body>
</html>

The output may be similar to:


Welcome John
Your email address is john.doe@example.com

The same result can also be achieved using the HTTP GET method:


Example
<html>
<body>

<form action="welcome_get.php" method="get">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>

</body>
</html>

and "welcome_get.php" looks like this:


<html>
<body>

Welcome <?php echo $_GET["name"]; ?><br>
Your email address is: <?php echo $_GET["email"]; ?>

</body>
</html>

The code above is very simple. However, the most important thing is missing. You need to verify form data to protect your script from harmful code.


Think SECURITY when processing PHP forms!

This page does not contain any form validation; it only shows how to submit and retrieve form data.

However, the following pages will show you how to process PHP forms with security in mind! Proper validation of form data is essential to protect your form from hackers and spam!
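The two echo statements in "welcome.php" above write request data straight into the page, so markup typed into either field is rendered by the browser. A hardened "welcome.php" might look like this; it is an added example, not part of the original tutorial, and the helper names post_string() and e() and the length limits are assumptions:

```php
<?php
// Added example: hardened variant of welcome.php (not the tutorial's own code).
declare(strict_types=1);

// Hypothetical helper: read one POST field as a trimmed, bounded string.
// Returns null when the field is missing, empty, too long, or an array (name[]=x).
function post_string(string $key, int $maxLen): ?string
{
    $value = $_POST[$key] ?? null;
    if (!is_string($value)) {
        return null;
    }
    $value = trim($value);
    return ($value === '' || strlen($value) > $maxLen) ? null : $value;
}

// Hypothetical helper: encode a value for output in HTML text or attributes.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$name  = post_string('name', 100);   // length limits are assumptions
$email = post_string('email', 254);

// Validate the e-mail syntax; filter_var() returns false on failure.
if ($email !== null && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    $email = null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST' || $name === null || $email === null) {
    http_response_code(400);
    exit('Invalid form submission.');
}
?>
<html>
<body>

Welcome <?= e($name) ?><br>
Your email address is: <?= e($email) ?>

</body>
</html>
```

Validation rejects input the script does not expect, while the encoding in e() is what keeps any accepted value from being interpreted as HTML when it is echoed.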



GET vs. POST

Both GET and POST create an array (e.g. array(key1 => value1, key2 => value2, key3 => value3, ...)). This array holds key/value pairs, where the keys are the names of the form controls and the values are the input data from the user.

Both GET and POST are treated as $_GET and $_POST. These are superglobals, which means they are always accessible, regardless of scope, and you can access them from any function, class or file without doing anything special.

$_GET is an array of variables passed to the current script via URL parameters.

$_POST is an array of variables passed to the current script via HTTP POST.


When to use GET?

Information sent from a form with the GET method is visible to everyone (all variable names and values are displayed in the URL). GET also has limits on the amount of information that can be sent. The limit is about 2000 characters. However, because the variables are displayed in the URL, it is possible to bookmark the page. This can be helpful in some situations.

GET may be used to send non-sensitive data.

Note: GET SHOULD NOT be used to send passwords or other sensitive information!


When to use POST?

Information sent from a form with the POST method is not visible to others (all names/values are embedded within the body of the HTTP request) and has no limits on the amount of information to be sent.

Additionally, POST supports advanced functionality such as binary input while uploading files to the server.

However, because the variables are not displayed in the URL, it is not possible to bookmark the page.


Developers prefer POST to submit form data.


Next, let's see how we can process PHP forms in a secure way!