Table of Contents:
PHP Form Example – Learn Form Handling in PHP
Forms are the backbone of any dynamic website. Whether it’s a login form, registration form, or contact form, PHP is one of the most popular languages to process and validate user input.
In this complete guide from PHP Online, we’ll cover real PHP form examples with explanations for both GET and POST methods, along with best practices for secure input handling.
What is a PHP Form?
A PHP form is an HTML form that interacts with a PHP script to process data entered by a user. PHP can:
- Capture input from text fields, radio buttons, checkboxes, and dropdowns
- Validate and sanitize user data
- Store data in databases like MySQL
- Send emails from form submissions
- Improve security with proper validation
PHP Form Example Using GET Method
The GET method sends form data via the URL. It is useful for simple search forms but not secure for sensitive data.
Example Code
<form method="get" action="">
Name: <input type="text" name="name"><br>
Age: <input type="text" name="age"><br>
<input type="submit" value="Submit">
</form>
<?php
if ($_SERVER["REQUEST_METHOD"] == "GET") {
$name = $_GET["name"];
$age = $_GET["age"];
echo "Hello $name, you are $age years old.";
}
?>
PHP Form Example Using POST Method
The POST method sends form data securely in the request body. It is the most common way to handle login, signup, and contact forms.
Example Code
<form method="post" action="">
Email: <input type="text" name="email"><br>
Password: <input type="password" name="password"><br>
<input type="submit" value="Login">
</form>
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$email = $_POST["email"];
$password = $_POST["password"];
echo "Email: $email <br>";
echo "Password: $password";
}
?>
Secure PHP Form Example with Validation
To avoid invalid or harmful input, always validate and sanitize user data.
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = htmlspecialchars(trim($_POST["name"]));
$email = filter_var(trim($_POST["email"]), FILTER_VALIDATE_EMAIL);
if (empty($name)) {
echo "Name is required.<br>";
} else {
echo "Name: $name <br>";
}
if (!$email) {
echo "Invalid Email Address.";
} else {
echo "Email: $email";
}
}
?>
Example Form
<form method="post" action="">
Name: <input type="text" name="name"><br>
Email: <input type="text" name="email"><br>
<input type="submit" value="Submit">
</form>
Best Practices for PHP Forms
- Always use POST method for sensitive data
- Sanitize and validate input before processing
- Use prepared statements when inserting into databases
- Protect forms with CSRF tokens
- Apply server-side validation (JavaScript alone is not enough)
PHP Registration Form Example with Validation
A registration form is one of the most common use cases of PHP forms. It usually collects information like name, email, and password from the user. Let’s build a secure example with validation.
Example Code – Registration Form
<form method="post" action="">
Full Name: <input type="text" name="name"><br><br>
Email: <input type="text" name="email"><br><br>
Password: <input type="password" name="password"><br><br>
Confirm Password: <input type="password" name="confirm_password"><br><br>
<input type="submit" value="Register">
</form>
PHP Script to Handle and Validate Input
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = htmlspecialchars(trim($_POST["name"]));
$email = filter_var(trim($_POST["email"]), FILTER_VALIDATE_EMAIL);
$password = trim($_POST["password"]);
$confirm_password = trim($_POST["confirm_password"]);
// Validation checks
if (empty($name)) {
echo "Name is required.<br>";
} else {
echo "Name: $name <br>";
}
if (!$email) {
echo "Invalid Email Address.<br>";
} else {
echo "Email: $email <br>";
}
if (strlen($password) < 6) {
echo "Password must be at least 6 characters long.<br>";
} elseif ($password !== $confirm_password) {
echo "Passwords do not match.<br>";
} else {
echo "Password is valid.<br>";
}
// If everything is valid
if (!empty($name) && $email && strlen($password) >= 6 && $password === $confirm_password) {
echo "<strong>Registration Successful!</strong>";
}
}
?>
Why This Registration Form is Secure
- Uses
htmlspecialchars()
to prevent XSS attacks - Validates email format with
filter_var()
- Enforces minimum password length
- Checks if passwords match
- Provides feedback for each invalid input
Related PHP Tutorials on PHP Online
- PHP Form Validation – Complete Guide
- PHP Forms – Validate Email and URL
- PHP Superglobals – GET and POST
PHP form example, PHP forms tutorial, PHP form handling, PHP form POST method, PHP form GET method, PHP validation example, PHP form code, PHP input handling, PHP beginner example
Frequently Asked Questions (FAQ)
Q1: What is the difference between GET and POST in PHP forms?
A1: GET sends data in the URL, visible to users, while POST sends data securely in the request body.
Q2: Can PHP forms handle file uploads?
A2: Yes, PHP supports file uploads using the $_FILES
superglobal with the enctype="multipart/form-data"
attribute.
Q3: Should I always use POST for forms?
A3: Yes, especially for login, signup, or sensitive data. Use GET only for search queries or non-sensitive actions.
Q4: How do I prevent SQL Injection in PHP forms?
A4: Use prepared statements with PDO or MySQLi instead of inserting raw user input into queries.
Q5: Can I use JavaScript validation alone?
A5: No, always use PHP server-side validation because users can bypass JavaScript.