💡 Ask Tutor

PHP and HTML Forms – Handling User Input

Why Forms Matter in Web Development

Forms are the gateway to user interaction. Whether it’s login forms, contact pages, surveys, or payment checkout — they all rely on HTML forms to collect data from users.

PHP plays a critical role in processing that data on the server side:

  • Capturing inputs
  • Validating them
  • Storing to a database
  • Sending emails
  • Returning results or errors

Creating a Basic HTML Form

HTML Form Example:

HTML
<form action="process.php" method="post">
  <label>Name:</label>
  <input type="text" name="username" required>
  <br>
  <label>Email:</label>
  <input type="email" name="email" required>
  <br>
  <input type="submit" value="Submit">
</form>

Key Attributes:

  • action="process.php" → the PHP file that handles form data
  • method="post" → sends data using the $_POST array (hidden from URL)
  • name="" → the key name to access in PHP

Difference Between $_GET and $_POST

SuperglobalUse CaseVisibilitySecurity
$_GETPass values via URL (e.g., search)Visible in URLLess secure
$_POSTForm submissions (e.g., login, feedback)Hidden from URLMore secure

$_GET Example:

PHP
<?php
$name = $_GET['name'];
echo "Hello, $name!";
?>

Access like: example.php?name=Jay

$_POST Example:

PHP
<?php
$name = $_POST['username'];
echo "Hello, $name!";
?>

Full PHP Form Processing Example

index.html:

HTML
<form action="welcome.php" method="post">
  <label>Enter your name:</label>
  <input type="text" name="name" required>
  <input type="submit" value="Submit">
</form>

welcome.php:

PHP
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $name = $_POST['name'];
  echo "Welcome, $name!";
}
?>

Form Validation and Security

Handling user input safely is critical to prevent attacks like:

  • XSS (Cross-Site Scripting)
  • SQL Injection
  • Spam bots

1. Basic Validation

Check if fields are filled:

PHP
if (empty($_POST['name'])) {
  echo "Name is required";
}

2. Sanitization

Remove dangerous characters:

PHP
$name = htmlspecialchars($_POST['name']);

3. Email Validation:

PHP
$email = $_POST['email'];

if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  echo "Invalid email format";
}

✍️ Common Form Input Types

TypeHTMLAccess in PHP
Text<input type="text" name="name">$_POST['name']
Email<input type="email" name="email">$_POST['email']
Password<input type="password" name="pass">$_POST['pass']
Radio<input type="radio" name="gender" value="Male">$_POST['gender']
Checkbox<input type="checkbox" name="subscribe">isset($_POST['subscribe'])
Dropdown<select name="country">$_POST['country']
Textarea<textarea name="message">$_POST['message']

Real-World Example: Contact Form

contact.html:

HTML
<form action="contact.php" method="post">
  <input type="text" name="name" placeholder="Your Name" required><br>
  <input type="email" name="email" placeholder="Your Email" required><br>
  <textarea name="message" placeholder="Your Message" required></textarea><br>
  <input type="submit" value="Send">
</form>

contact.php:

PHP
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $name = htmlspecialchars($_POST['name']);
  $email = htmlspecialchars($_POST['email']);
  $message = htmlspecialchars($_POST['message']);

  if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Invalid email format.";
  } else {
    echo "Thank you, $name. Your message has been received.";
  }
}
?>

Common Mistakes to Avoid

  • Using $_POST without checking if the form is submitted
  • Not validating or sanitizing inputs
  • Relying on client-side validation only (can be bypassed)
  • Forgetting name="" attribute — PHP can’t access unnamed inputs
  • Typo in form method (post vs POST – must match case)

Best Practices for Forms in PHP

  • Always check $_SERVER["REQUEST_METHOD"] == "POST" before processing
  • Use htmlspecialchars() to prevent XSS
  • Validate emails with filter_var()
  • Check isset() or empty() before using values
  • Keep form and processing logic separate (use two files if possible)

Notes:

  • Forms are used to collect user data, which PHP can process using $_POST or $_GET
  • Always sanitize and validate inputs to prevent security threats
  • Use different input types depending on the data being collected
  • Build forms that are user-friendly, secure, and robust

Practice Tasks

Task 1: Feedback Form
Build a form that asks for:

  • Name
  • Email
  • Rating (1–5)
  • Comments
    Process and validate inputs in PHP.

Task 2: Login Form
Create a login form with:

  • Username
  • Password
    Check if they match preset values, and display a welcome or error message.

Task 3: Newsletter Signup
Create a checkbox form:

  • If checked, echo: “Thanks for subscribing!”
  • If unchecked, echo: “You opted out of our newsletter.”

📘 Continue to the Next Chapter

Arrays in PHP – Storing Multiple Values

Understand how to create and manipulate indexed, associative, and multidimensional arrays to manage collections of data in PHP.

➡️

💡 Explore More PHP Learning Tools & Resources

📝

PHP Practice Quiz

Test your PHP skills with real coding questions and scoring.
📋

PHP Interview Questions

Prepare for interviews with common PHP questions and answers.
🎓

Educational AI Tutor

Ask PHP questions and get instant AI-powered explanations.
🧠

Question Generator

Auto-generate PHP interview questions for quick practice.