PHP Form Example

PHP Form Example – Learn Form Handling in PHP

Forms are the backbone of any dynamic website. Whether it’s a login form, registration form, or contact form, PHP is one of the most popular languages to process and validate user input.

In this complete guide from PHP Online, we’ll cover real PHP form examples with explanations for both GET and POST methods, along with best practices for secure input handling.


What is a PHP Form?

A PHP form is an HTML form that interacts with a PHP script to process data entered by a user. PHP can:

  • Capture input from text fields, radio buttons, checkboxes, and dropdowns
  • Validate and sanitize user data
  • Store data in databases like MySQL
  • Send emails from form submissions
  • Improve security with proper validation

PHP Form Example Using GET Method

The GET method sends form data via the URL. It is useful for simple search forms but not secure for sensitive data.

Example Code

<form method="get" action="">
  Name: <input type="text" name="name"><br>
  Age: <input type="text" name="age"><br>
  <input type="submit" value="Submit">
</form>
<?php
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    $name = $_GET["name"];
    $age = $_GET["age"];
    echo "Hello $name, you are $age years old.";
}
?>

PHP Form Example Using POST Method

The POST method sends form data securely in the request body. It is the most common way to handle login, signup, and contact forms.

Example Code

<form method="post" action="">
  Email: <input type="text" name="email"><br>
  Password: <input type="password" name="password"><br>
  <input type="submit" value="Login">
</form>
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $email = $_POST["email"];
    $password = $_POST["password"];
    echo "Email: $email <br>";
    echo "Password: $password";
}
?>

Secure PHP Form Example with Validation

To avoid invalid or harmful input, always validate and sanitize user data.

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = htmlspecialchars(trim($_POST["name"]));
    $email = filter_var(trim($_POST["email"]), FILTER_VALIDATE_EMAIL);

    if (empty($name)) {
        echo "Name is required.<br>";
    } else {
        echo "Name: $name <br>";
    }

    if (!$email) {
        echo "Invalid Email Address.";
    } else {
        echo "Email: $email";
    }
}
?>

Example Form

<form method="post" action="">
  Name: <input type="text" name="name"><br>
  Email: <input type="text" name="email"><br>
  <input type="submit" value="Submit">
</form>

Best Practices for PHP Forms

  • Always use POST method for sensitive data
  • Sanitize and validate input before processing
  • Use prepared statements when inserting into databases
  • Protect forms with CSRF tokens
  • Apply server-side validation (JavaScript alone is not enough)

PHP Registration Form Example with Validation

A registration form is one of the most common use cases of PHP forms. It usually collects information like name, email, and password from the user. Let’s build a secure example with validation.

Example Code – Registration Form

<form method="post" action="">
  Full Name: <input type="text" name="name"><br><br>
  Email: <input type="text" name="email"><br><br>
  Password: <input type="password" name="password"><br><br>
  Confirm Password: <input type="password" name="confirm_password"><br><br>
  <input type="submit" value="Register">
</form>

PHP Script to Handle and Validate Input

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = htmlspecialchars(trim($_POST["name"]));
    $email = filter_var(trim($_POST["email"]), FILTER_VALIDATE_EMAIL);
    $password = trim($_POST["password"]);
    $confirm_password = trim($_POST["confirm_password"]);

    // Validation checks
    if (empty($name)) {
        echo "Name is required.<br>";
    } else {
        echo "Name: $name <br>";
    }

    if (!$email) {
        echo "Invalid Email Address.<br>";
    } else {
        echo "Email: $email <br>";
    }

    if (strlen($password) < 6) {
        echo "Password must be at least 6 characters long.<br>";
    } elseif ($password !== $confirm_password) {
        echo "Passwords do not match.<br>";
    } else {
        echo "Password is valid.<br>";
    }

    // If everything is valid
    if (!empty($name) && $email && strlen($password) >= 6 && $password === $confirm_password) {
        echo "<strong>Registration Successful!</strong>";
    }
}
?>

Why This Registration Form is Secure

  • Uses htmlspecialchars() to prevent XSS attacks
  • Validates email format with filter_var()
  • Enforces minimum password length
  • Checks if passwords match
  • Provides feedback for each invalid input

Related PHP Tutorials on PHP Online

PHP form example, PHP forms tutorial, PHP form handling, PHP form POST method, PHP form GET method, PHP validation example, PHP form code, PHP input handling, PHP beginner example

Frequently Asked Questions (FAQ)

Q1: What is the difference between GET and POST in PHP forms?
A1: GET sends data in the URL, visible to users, while POST sends data securely in the request body.

Q2: Can PHP forms handle file uploads?
A2: Yes, PHP supports file uploads using the $_FILES superglobal with the enctype="multipart/form-data" attribute.

Q3: Should I always use POST for forms?
A3: Yes, especially for login, signup, or sensitive data. Use GET only for search queries or non-sensitive actions.

Q4: How do I prevent SQL Injection in PHP forms?
A4: Use prepared statements with PDO or MySQLi instead of inserting raw user input into queries.

Q5: Can I use JavaScript validation alone?
A5: No, always use PHP server-side validation because users can bypass JavaScript.

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments