PHP Forms – Part1

Forms are essential parts in web development. Forms are used to communicate between users and the server. It is a way to get information of the user to the server and let the server do something in response to the user’s input. We use form to register in a website, to login, to send feedback, to place order etc. In this lesson, you’ll learn how php handles forms.

How form works with PHP

Generally a form is coded in HTML. Filling with information, the form is submitted. The information is sent to a predefined php page where php can retrieve user inputs. We can divide the whole process into the following parts-

1. Building a HTML form
2. Selecting a form method to send the form inputs
3. Retrieving the form inputs
4. Validating form inputs
5. Sanitizing the form inputs

Building a form

Building a form is very simple. The following code snippet is for a simple form-

<form name="form1" method="POST" action="form-process.php">
     <p>
         <label> Your Name : </label>
         <input type="text" name="name">
     </p>
     <p>
         <input type="submit" name="send" id="send" value="Submit">
     </p>
 </form>

Output:

From the HTML knowledge, you must understand the above form code snippet. It has two elements – a text box and a submit button.

Selecting a form method to send the form data

• There are two methods that you can use to specify how the form data will be passed to a php script which is located in the server. These are-
  1. GET method
  2. POST method
• You can specify one method as method attribute in the form tag. In the above example, the post method is used-
  <form name=”form1″ method=”POST” action=”form-process.php”>

In the following section you’ll learn about GET and POST methods.

GET Method

• It is the default method of the form. If you don’t specify any method in a form, the form will send its information in GET method. Example-

  <form name="form1" action="form-process.php">

• After submitting a form which is using GET method, form parameters (all the names and values of the form elements) will be added at the end of the URL. If you change the method of the above form to GET like the following,

  <form name="form1" method="GET" action="form-process.php">

  run it in a browser and add name “John” and click submit, you’ll see the form parameters (names and values of the textbox and button) are added in the URL.

  

  As you see, the form elements are added after the script name beginning with a question mark (?). One equal sign (=) is placed between each name and value; and the pairs are added by an ampersand (&). The string after the question mark (?) is called query string.

  

  

  URL can’t contain space or other special characters. So, if you add space or other special characters in the form inputs the browser encodes hexadecimal value of those characters. This is called URL encoding. For example, if you add “John Smith” in the Name field and submit the form, the URL will look like this-

  localhost/SOW/form/form-process.php?name=John+Smith&send=Submit

  Here, the browser replaced space by the plus sign (+).
• For the presence of the query string, URL produced by GET method can be bookmarked.
• There is size limitation of the URL, so you can’t pass unlimited data through a form that is using GET method.

POST Method

• After submitting a form which is using POST method, form parameters (all names and values of the form elements) are passed internally leaving the URL untouched.

  <form name="form1" method="POST" action="form-process.php">

• For the absence of the query string, URL produced by GET method can’t be bookmarked.
• You can’t any amount of data using POST method.

When to use GET Method

Get method can be used to retrieve information from the server.

Example:

1.  The search forms you see in various websites use GET method.
2. Logging into a member area etc

When to use POST Method

When the processing script may change the database then use POST method.

Example:

1. Registering in a website
2. Send feedback
3. Place an order in a shopping cart
4. Updating user information etc

Retrieving the form inputs

Now it is time to retrieve the data that are sent from the form. This retrieving process is occurred in the php script that is specified in the form’s action attribute. For the above form, the processing script is “form-process.php”.

All the submitted form data are stored in the Superglobal arrays. Superglobal arrays are associative arrays that can be used in any scope of the processing script to retrieve form data. The following Superglobal arrays are related to process the form data.

$_GET:

• All the data that are sent by the GET method are stored in the $_GET associative array.
• $_GET has the same number of elements as the number of the element of the form.
• Each index of the array element is the name of one form field and its value is the value entered into that form field.
  
  Example:
  Let’s use the form script again-

  <form name="form1" method="GET" action="form-process.php">
       <p>
           <label> Your Name : </label>
           <input name="name" type="text">
       </p>
       <p>
           <input name="send" id="send" type="submit" value="Submit">
       </p>
   </form>

  And, here is the form processing script (form-process.php)

  <?php
      $name = $_GET[‘name’];
      $send = $_GET[‘send’];
      echo $name;
      echo “<br />”;
      echo $send;
   ?>

  Output:
  John
  send

  Explanation:
  The form is using GET method. It has two fields- a textbox which name is “name” and a button which name is “send”. When you run the form in a browser, enter a name (ex, John) and submit it; the values of the form fields are stored in the $_GET superglobal.

  To retrieve the value of each form data, use its name index. See line no. 1 and 2 in the form-process.php script above.

$_POST:

• All the data that are sent by the POST method are stored in the $_POST associative array.
• $_POST has the same number of elements as the number of the element of the form.
• Each index of the array element is the name of one form field and its value is the value entered into that form field.Example:
  Let’s use the form script again-

  <form name="form1" method="POST" action="form-process.php">
       <p>
           <label> Your Name : </label>
           <input name="name" type="text">
       </p>
       <p>
           <input name="send" id="send" type="submit" value="Submit">
       </p>
   </form>

  And, here is the form processing script (form-process.php)

  <?php
      $name = $_POST[‘name’];
      $send = $_POST[‘send’];
      echo $name;
      echo “<br />”;
      echo $send;
  ?>

  Output:
  John
  send

  Explanation:
  The form is using POST method. It has two fields- a textbox which name is “name” and a button which name is “send”. When you run the form in a browser, enter a name (ex, John) and submit it; the values of the form fields are stored in the $_POST superglobal.

  To retrieve the value of each form data, use its name index. See line no. 1 and 2 in the form-process.php script above.

$_REQUEST:

• All the data that are sent by the either GET or POST method are stored in the $_REQUEST associative array.
• $_REQUEST has the same number of elements as the number of the element of the form.
• Each index of the array element is the name of one form field and its value is the value entered into that form field.Example:
  Let’s use the form script again-

  <form name="form1" method="GET" action="form-process.php">
       <p>
           <label> Your Name : </label>
           <input name="name" type="text">
       </p>
       <p>
           <input name="send" id="send" type="submit" value="Submit">
       </p>
   </form>

  And, here is the form processing script (form-process.php)

  <?php
      $name = $_REQUEST[‘name’];
      $send = $_ REQUEST [‘send’];
      echo $name;
      echo “<br />”;
      echo $send;
  ?>

  Output:
  John
  send

  Explanation:
  The form is using GET method. It has two fields- a textbox which name is “name” and a button which name is “send”. When you run the form in a browser, enter a name (ex, John) and submit it; the values of the form fields are stored in the $_ REQUEST superglobal.

  To retrieve the value of each form data, use its name index. See line no. 1 and 2 in the form-process.php script above.

  

  As $_REQUEST array can retrieve information from GET or POST method without knowing which method was really used in the form, so it is not secured, hence not recommended to use it.