PHP Forms Handling
Forms are the primary way users send data to a web server. A user types into a text field, selects an option, or checks a box, then clicks submit. The browser packages that data and sends it to the server. PHP receives the data on the server side and can process, validate, store, or display it. Understanding how PHP handles form data is one of the most practical skills in web development.
How HTML Forms Work with PHP
An HTML form has two key attributes: method (how the data is sent) and action (where the data is sent). When action points to a PHP file, that file processes the submitted data.
<form method="post" action="process.php">
<label>Name:</label>
<input type="text" name="username">
<label>Email:</label>
<input type="email" name="email">
<input type="submit" value="Submit">
</form>
Each form element has a name attribute. This name becomes the key that PHP uses to retrieve the submitted value. If no name attribute is set, PHP will not receive that field's data.
The GET Method
The GET method appends form data to the URL as a query string. The data is visible in the browser address bar.
<form method="get" action="search.php">
<input type="text" name="query" placeholder="Search...">
<input type="submit" value="Search">
</form>
After submitting, the URL looks like: search.php?query=php+tutorial
In the PHP file, the submitted data is accessed using the $_GET superglobal:
<?php
// search.php
$searchTerm = $_GET['query'];
echo "Searching for: " . $searchTerm;
?>
When to Use GET
- Search forms
- Filtering and sorting
- Any request where the data can safely appear in the URL
- Bookmarkable or shareable results
The POST Method
The POST method sends form data in the HTTP request body, not in the URL. The data is not visible in the address bar.
<form method="post" action="login.php">
<input type="text" name="username" placeholder="Username">
<input type="password" name="password" placeholder="Password">
<input type="submit" value="Log In">
</form>
In the PHP file, POST data is accessed using the $_POST superglobal:
<?php
// login.php
$username = $_POST['username'];
$password = $_POST['password'];
echo "Username entered: " . $username;
?>
When to Use POST
- Login and registration forms
- Contact and feedback forms
- Any request that sends sensitive data (passwords, personal details)
- Any request that modifies data on the server (creating, updating, deleting records)
GET vs POST Comparison
| Feature | GET | POST |
|---|---|---|
| Data location | URL (visible) | Request body (hidden) |
| Data length limit | ~2000 characters | No practical limit |
| Bookmarkable | Yes | No |
| Browser history | Yes | No |
| Suitable for sensitive data | No | Yes |
| PHP superglobal | $_GET | $_POST |
A Complete Form Example
This example shows a simple contact form and its PHP processor in one file. The PHP code runs when the form is submitted, and the form is displayed otherwise.
<?php
$submitted = false;
$name = "";
$message = "";
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$name = $_POST["name"];
$message = $_POST["message"];
$submitted = true;
}
?>
<!DOCTYPE html>
<html>
<body>
<?php if ($submitted): ?>
<p>Thank you, <?= htmlspecialchars($name) ?>! Your message has been received.</p>
<?php else: ?>
<form method="post" action="">
<label>Your Name:</label>
<input type="text" name="name" required>
<label>Message:</label>
<textarea name="message" required></textarea>
<input type="submit" value="Send Message">
</form>
<?php endif; ?>
</body>
</html>
The action="" submits the form back to the same page. $_SERVER["REQUEST_METHOD"] checks whether the page was loaded normally (GET) or submitted (POST). The htmlspecialchars() function converts special characters to HTML entities to prevent security issues — this is covered in the Form Validation topic.
Handling Checkboxes
Checkboxes require special handling because an unchecked checkbox does not send any data to PHP.
<form method="post" action="">
<input type="checkbox" name="newsletter" value="yes"> Subscribe to newsletter
<input type="submit" value="Save">
</form>
<?php
$subscribed = isset($_POST['newsletter']) ? $_POST['newsletter'] : 'no';
echo "Newsletter: " . $subscribed;
?>
Handling Select Dropdowns and Radio Buttons
<form method="post" action="">
<select name="country">
<option value="us">United States</option>
<option value="uk">United Kingdom</option>
<option value="ca">Canada</option>
</select>
<input type="radio" name="gender" value="male"> Male
<input type="radio" name="gender" value="female"> Female
<input type="submit" value="Submit">
</form>
<?php
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$country = $_POST['country'];
$gender = $_POST['gender'] ?? 'not selected';
echo "Country: " . $country . ", Gender: " . $gender;
}
?>
Key Points
- HTML forms use
method(GET or POST) andaction(target URL) attributes. - Each form input needs a
nameattribute — PHP uses this name as the key to retrieve the value. - GET data appears in the URL and is retrieved via
$_GET; use it for searches and filters. - POST data is sent in the request body and is retrieved via
$_POST; use it for sensitive data. - Check
$_SERVER["REQUEST_METHOD"] === "POST"to detect form submissions. - Always use
htmlspecialchars()when displaying user-submitted data to prevent security vulnerabilities. - Use
isset()to check if a form field was submitted (essential for checkboxes).