PHP Form Handling
Here, we'll cover the basics of handling forms in PHP, from creating HTML forms to validating user input and preventing security vulnerabilities.
Forms are a core part of web development: they give users a way to interact with a website and to submit data.
Form data can be sent using either the HTTP GET or the HTTP POST method, and PHP comes with a wide range of predefined variables and functions that make form handling much simpler.
Below is an example of a simple HTML form with two input fields and a submit button:
When the user fills out the form above and clicks the submit button, the form data is sent to a PHP file named “login.php” for processing.
Using the HTTP POST method, data from the form is sent to the server.
You can display the submitted data simply by echoing the values of all the variables.
The login.php file looks like this:
<html>
<body>
Welcome <?php echo $_POST["username"]; ?><br>
Login done successfully!
</body>
</html>
You could also achieve the same result using the HTTP GET method instead of the HTTP POST method:
And login.php for the GET method looks like this:
<html>
<body>
Welcome <?php echo $_GET["username"]; ?><br>
Login done successfully!
</body>
</html>
As you can see in the examples above, this is quite simple. But one thing is missing, and it is the most important thing.
Form data submitted to your script should be validated in order to prevent malicious code from being injected into it.
The examples on this page perform no form validation; they only show how to send and retrieve form data.
The next pages will show you how to process PHP forms while keeping security in mind.
To protect your form from hackers and spammers, it is important that form data be validated properly.
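The login.php above echoes the submitted value straight into the page. The following is an added example, not code from the original page, showing the same handler with an allow-list check on input and HTML encoding on output; the function names `read_username` and `e` and the username policy are assumptions made for illustration.

```php
<?php
// Added example, not from the original page: login.php with validation and encoding.
// Assumed policy (hypothetical): usernames are 3-32 characters from A-Z a-z 0-9 _ . -

/** Return the submitted username if it passes the allow-list, otherwise null. */
function read_username(array $source): ?string
{
    $raw = $source['username'] ?? null;
    // Reject a missing field and array-shaped input such as username[]=x.
    if (!is_string($raw)) {
        return null;
    }
    $raw = trim($raw);
    // Anchored allow-list: the whole value must match, not just a substring.
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $raw) === 1 ? $raw : null;
}

/** Encode for HTML output; kept even though the allow-list already excludes markup. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

if (PHP_SAPI === 'cli') {
    // Constructed sample submissions so the script can be run offline from the CLI.
    $samples = [
        ['username' => 'alice_01'],
        ['username' => '<script>alert(1)</script>'],
        ['username' => ['nested']],
        [],
    ];
    foreach ($samples as $sample) {
        $name = read_username($sample);
        echo $name === null ? "rejected\n" : 'Welcome ' . e($name) . "\n";
    }
    exit;
}
// Web request: only accept the value from a POST body.
$username = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' ? read_username($_POST) : null;
?>
<html>
<body>
<?php if ($username === null): ?>
Invalid username.
<?php else: ?>
Welcome <?php echo e($username); ?><br>
Login done successfully!
<?php endif; ?>
</body>
</html>
```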
GET vs POST
Both GET and POST create an array of values (for example, array(key1 => value1, key2 => value2, key3 => value3, ...)).
This array holds key/value pairs, and every key/value pair represents a form control.
The key is the name of the control and the value is the data that has been entered by the user.
Data sent with GET and POST requests is available in $_GET and $_POST, respectively.
These are superglobal variables, which means that they are always available, regardless of scope.
There is no need to do anything special in order to access them from any function, class, or file, as they are accessible from anywhere.
$_GET is an array of variables that are passed to the current script through the URL parameters.
$_POST is an array of variables that are passed through the HTTP POST method to the current script during execution.
When To Use GET?
When information is sent from a form using the GET method, it is visible to everyone in the URL (all variables and their values can be seen in that URL).
GET also limits the amount of data that can be sent.
Data can be up to a maximum of 2000 characters long.
Because the variables are present in the URL, it is possible to bookmark the page in case you need to return to it later.
In some cases, this can be very useful. The GET method can be used to send non-sensitive information over the Internet.
When To Use POST?
Information sent from a form with the POST method is not shown in the URL (all the names/values are encapsulated within the body of the HTTP request), and the amount of data sent is not restricted.
Further, the POST method supports advanced functionality such as uploading files to a server, for which it provides multipart binary input.
Because the variables are not displayed in the URL, it is not possible to bookmark the page together with them.
Developers prefer POST for sending form data.
The next thing we need to do is learn how PHP forms can be processed in a secure manner!