Forms are the backbone of interactive web applications. A PHP Form allows users to send input data to a web server for processing β such as registration details, contact messages, or login credentials. With PHP, you can collect, validate, and manage this data securely and efficiently.
This guide will walk you through creating PHP forms, handling user input, and ensuring secure form submission using best practices and examples.
Table of Contents:
Understanding How PHP Forms Work in Web Development
A PHP form is an HTML form that sends user input data to a PHP script for processing. The process typically follows these steps:
- User fills out the HTML form.
- Data is sent to the server using POST or GET method.
- PHP processes, validates, and optionally stores the data in a database.
- The user receives feedback (success or error messages).
Create a Simple HTML Form with PHP
Hereβs an example of a simple HTML form with PHP to collect a userβs name and email.
Example:
<!DOCTYPE html>
<html>
<head>
<title>PHP Form Example</title>
</head>
<body>
<form action="form.php" method="post">
Name: <input type="text" name="name"><br><br>
Email: <input type="email" name="email"><br><br>
<input type="submit" value="Submit">
</form>
</body>
</html>
form.php
<?php
if($_SERVER["REQUEST_METHOD"] == "POST"){
$name = $_POST["name"];
$email = $_POST["email"];
echo "Welcome, $name! Your email is $email.";
}
?>
This code collects form data and displays it dynamically using PHP.
PHP Form Handling Using POST and GET Methods
PHP can handle data sent through two main methods: GET and POST.
Using the POST Method in PHP Forms
POST sends data securely and is ideal for sensitive information such as passwords or form submissions.
<form action="submit.php" method="post">
Username: <input type="text" name="username">
<input type="submit">
</form>
In submit.php:
<?php
echo "Username: " . $_POST['username'];
?>
Using the GET Method in PHP Forms
GET appends form data to the URL and is useful for search queries or simple data transfer.
<form action="search.php" method="get">
Search: <input type="text" name="query">
<input type="submit">
</form>
In search.php:
<?php
echo "Search for: " . $_GET['query'];
?>
PHP Form Validation and Sanitization for Security
To prevent security risks such as XSS (Cross-site scripting) or invalid input, you must validate and sanitize form data.
Example:
<?php
if($_SERVER["REQUEST_METHOD"] == "POST"){
$name = htmlspecialchars(trim($_POST["name"]));
$email = filter_var($_POST["email"], FILTER_SANITIZE_EMAIL);
if(empty($name) || empty($email)){
echo "All fields are required.";
} elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){
echo "Invalid email format.";
} else {
echo "Form submitted successfully!";
}
}
?>
This ensures that malicious code cannot be injected into your PHP form.
PHP Form with Multiple Input Fields
You can collect multiple values from users, such as registration forms or contact forms.
Example:
<form method="post" action="register.php">
Name: <input type="text" name="name"><br>
Email: <input type="email" name="email"><br>
Age: <input type="number" name="age"><br>
<input type="submit" value="Register">
</form>
register.php
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$age = $_POST['age'];
echo "Registered $name, age $age, email $email.";
?>
PHP Form with Radio Buttons and Checkboxes
PHP easily handles radio and checkbox input values.
Example:
<form method="post">
Gender:
<input type="radio" name="gender" value="Male"> Male
<input type="radio" name="gender" value="Female"> Female
<br>
Interests:
<input type="checkbox" name="interest[]" value="PHP"> PHP
<input type="checkbox" name="interest[]" value="HTML"> HTML
<input type="checkbox" name="interest[]" value="CSS"> CSS
<br><input type="submit">
</form>
<?php
if($_SERVER["REQUEST_METHOD"] == "POST"){
echo "Gender: " . $_POST["gender"] . "<br>";
echo "Interests: " . implode(", ", $_POST["interest"]);
}
?>
Secure PHP Form Handling Best Practices
To keep your PHP forms secure:
- Always validate and sanitize user input.
- Use CSRF tokens to prevent cross-site request forgery.
- Use POST for sensitive data.
- Store passwords using password_hash().
- Use prepared statements for database operations.
PHP Contact Form Example with Email Sending
Hereβs a simple example of a contact form that sends an email.
<form method="post">
Name: <input type="text" name="name"><br>
Email: <input type="email" name="email"><br>
Message:<br>
<textarea name="message"></textarea><br>
<input type="submit" value="Send">
</form>
<?php
if($_SERVER["REQUEST_METHOD"] == "POST"){
$to = "admin@phponline.in";
$subject = "Contact Form Submission";
$message = $_POST["message"];
$headers = "From: " . $_POST["email"];
mail($to, $subject, $message, $headers);
echo "Message sent successfully!";
}
?>
PHP form, PHP form handling, PHP form validation, PHP POST and GET, PHP contact form, PHP form example, process HTML form in PHP, PHP form data sanitization, PHP form tutorial, PHP form security
π Learn about PHP Variables to store user input.
π Explore PHP Strings for text manipulation in forms.
π Understand PHP Operators used in form conditions and validation logic.
Frequently Asked Questions (FAQ)
Q1. What is a PHP Form?
Answer: A PHP form is an HTML form that sends user input data to a PHP script for processing, validation, and storage.
Q2. What is the difference between POST and GET in PHP?
Answer: POST sends data securely in the request body, while GET appends data to the URL.
Q3. How to validate PHP form inputs?
Answer: Use functions like htmlspecialchars(), trim(), and filter_var() to validate and sanitize inputs.
Q4. How to prevent form hacking in PHP?
Answer: Validate inputs, use CSRF protection, sanitize data, and escape output to prevent attacks.
Q5. Can PHP forms send emails?
Answer: Yes. Use the mail() function or PHPMailer library to send emails from a PHP form.