PHP Form Handling Tutorial (Complete Guide with Examples)

Welcome to phponline.in — your trusted resource to learn PHP programming from beginner to advanced.

In this tutorial, we’ll explore PHP Form Handling in depth, including:

• Introduction to form handling in PHP
• The role of GET and POST methods
• Superglobals ($_GET, $_POST, $_REQUEST, $_SERVER)
• Form validation and sanitization
• Secure handling of user input
• Real-world examples (Login, Registration, Contact form)
• Preventing common vulnerabilities like XSS and SQL Injection

By the end, you’ll be able to:

• Create secure and efficient forms
• Collect and validate user data
• Integrate forms with databases (MySQL)
• Build mini projects like contact forms, login systems, and registration forms

You will Learn

1. Introduction to PHP Form Handling
2. Why Form Handling is Important
3. HTML Forms Recap
4. PHP Form Handling Workflow
5. GET vs POST in Form Handling
6. PHP Superglobals in Form Handling
7. Handling Single Input Fields
8. Handling Multiple Input Fields
9. Handling Radio Buttons
10. Handling Checkboxes
11. Handling Select Dropdown
12. Handling Textarea
13. Handling Hidden Inputs
14. Handling Password Inputs
15. File Upload Handling in PHP Forms
16. Form Handling using GET (Example)
17. Form Handling using POST (Example)
18. PHP Form Validation Basics
19. Required Field Validation
20. Email Validation
21. Phone Number Validation
22. Password Strength Validation
23. Age and Number Validation
24. Using filter_var() for Validation
25. Regex in PHP Form Validation
26. Sanitizing User Input
27. htmlspecialchars() and htmlentities()
28. trim(), stripslashes(), strip_tags()
29. PHP Form Security Best Practices
30. Preventing XSS in Forms
31. Preventing SQL Injection in Forms
32. Secure Database Insertion with Prepared Statements
33. Sticky Forms (Preserve Data on Error)
34. PHP Error Handling in Forms
35. Multiple Page Form Handling
36. Using PHP Sessions with Forms
37. Using PHP Cookies with Forms
38. Contact Form Example with PHP
39. Login Form Example with PHP
40. Registration Form Example with PHP & MySQL
41. File Upload Form Example (Profile Picture)
42. Image Upload Validation
43. Storing Form Data in MySQL Database
44. Retrieving and Displaying Stored Form Data
45. PHP Form with AJAX (Basic Example)
46. Secure Form Handling Checklist
47. Common Mistakes in PHP Form Handling
48. Best Practices in PHP Forms
49. Mini Project: Feedback Form with Database Integration
50. Mini Project: Newsletter Subscription Form with Email Confirmation
51. Mini Project: Student Registration System with Validation & DB

1. Introduction to PHP Form Handling

Form handling in PHP refers to collecting, validating, processing, and storing user input submitted through HTML forms.

👉 Example: When a user fills out a login form, PHP processes their username and password to check if they are valid.

Forms + PHP = Dynamic Web Applications.

2. Why Form Handling is Important?

Forms are critical in web apps because they:

• Collect user data (login, registration, feedback)
• Enable interactivity
• Connect frontend (HTML) to backend (PHP & Database)
• Allow secure transactions

👉 Related: PHP Global Variables

5. GET vs POST in Form Handling

👉 Related: PHP Superglobals

16. Form Handling using GET (Example)

<form method="get">
  Name: <input type="text" name="name">
  <input type="submit">
</form>

<?php
if (isset($_GET['name'])) {
    echo "Hello, " . htmlspecialchars($_GET['name']);
}
?>

17. Form Handling using POST (Example)

<form method="post">
  Email: <input type="text" name="email">
  <input type="submit">
</form>

<?php
if (isset($_POST['email'])) {
    echo "Your email: " . htmlspecialchars($_POST['email']);
}
?>

18. PHP Form Validation Basics

Validation ensures only correct and safe data is accepted.

if (empty($_POST["name"])) {
  echo "Name is required!";
}

23. Age and Number Validation

$age = $_POST["age"];
if (!filter_var($age, FILTER_VALIDATE_INT)) {
  echo "Invalid age!";
}

29. PHP Form Security Best Practices

• Always sanitize inputs
• Use htmlspecialchars() to prevent XSS
• Use prepared statements to prevent SQL Injection
• Use CSRF tokens for high-security apps

👉 Related: [PHP Security Best Practices]

38. Contact Form Example

<form method="post">
  Name: <input type="text" name="name"><br>
  Email: <input type="text" name="email"><br>
  Message: <textarea name="message"></textarea><br>
  <input type="submit">
</form>

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $name = htmlspecialchars($_POST['name']);
  $email = htmlspecialchars($_POST['email']);
  $message = htmlspecialchars($_POST['message']);
  echo "Thanks, $name. We received your message.";
}
?>

39. Login Form Example

<form method="post">
  Username: <input type="text" name="username"><br>
  Password: <input type="password" name="password"><br>
  <input type="submit" value="Login">
</form>

<?php
if ($_POST['username'] == "admin" && $_POST['password'] == "1234") {
    echo "Login successful!";
} else {
    echo "Invalid credentials!";
}
?>

👉 Related: PHP Operators

43. Storing Form Data in MySQL

$conn = mysqli_connect("localhost", "root", "", "testdb");

if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $name = mysqli_real_escape_string($conn, $_POST['name']);
  $email = mysqli_real_escape_string($conn, $_POST['email']);

  $sql = "INSERT INTO users (name, email) VALUES ('$name', '$email')";
  mysqli_query($conn, $sql);
}

👉 Related: PHP Arrays

Mini Project: Student Registration System

Features:

• Collects Name, Email, Phone, Password
• Validates & sanitizes inputs
• Stores securely in MySQL database

Summary & Conclusion

• PHP form handling is the core of web development
• Use POST for sensitive data
• Always validate & sanitize inputs
• Secure your forms with prepared statements and XSS protection

FAQs on PHP Form Handling

Q1: What is PHP Form Handling?
A: The process of collecting, validating, and processing data from HTML forms using PHP.

Q2: Which method is better for form handling – GET or POST?
A: POST is more secure and used for login, registration, and file uploads.

Q3: How do I validate a PHP form?
A: Use PHP functions like isset(), empty(), filter_var(), and regex patterns.

Q4: How to secure PHP form handling?
A: Use prepared statements, sanitize input, and prevent XSS with htmlspecialchars().

Q5: Can PHP forms store data in a database?
A: Yes, PHP forms can connect to MySQL and store data using INSERT queries.