Handling Forms in PHP
So far, your PHP programs have used hardcoded values.
But real applications don't work like that.
👉 Users enter data, and your application processes it.
Forms are how PHP receives user input.
How Forms Work
- User fills a form
- Browser sends data to server
- PHP receives it using superglobals ($_GET, $_POST)
Basic HTML Form
<form method="post" action="process.php">
    <input type="text" name="username">
    <button type="submit">Submit</button>
</form>
Handling Form with $_POST
// process.php
// Note: the value is echoed unescaped here; see "Simple Security (XSS Protection)" below.
$username = $_POST['username'];
echo "Hello " . $username;
Example Input:
Rohan
Output:
Hello Rohan
👉 $_POST stores form data sent via the POST method.
Handling Form with $_GET
<form method="get" action="process.php">
    <input type="text" name="username">
    <button type="submit">Submit</button>
</form>
$username = $_GET['username'];
echo "Hello " . $username;
👉 Data is sent via the URL:
process.php?username=Rohan
GET vs POST (Key Differences)
Feature       | GET                | POST
--------------|--------------------|----------------------
Data location | URL                | Request body
Visibility    | Visible in browser | Not visible
Security      | Less secure        | More secure
Data limit    | Limited            | Larger data allowed
Use case      | Search, filters    | Forms, login, submit
When to Use GET vs POST
- Use GET → when data is not sensitive (search, filters)
- Use POST → when data is sensitive (login, forms, payments)
Preventing Undefined Errors
if (isset($_POST['username'])) {
    echo $_POST['username'];
}
👉 Prevents:
Undefined array key "username"
Basic Validation (Very Important)
if (!empty($_POST['username'])) {
    echo "Hello " . $_POST['username'];
} else {
    echo "Username is required";
}
Simple Security (XSS Protection)
echo htmlspecialchars($_POST['username']);
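👉 Prevents users from injecting HTML/JS: special characters such as < and > are converted to HTML entities, so the browser displays them as text.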
Real-World Example
<form method="post">
    <input type="text" name="name">
    <input type="number" name="age">
    <button type="submit">Submit</button>
</form>
if (isset($_POST['name'], $_POST['age'])) {
    $name = htmlspecialchars($_POST['name']);
    $age = (int) $_POST['age'];
    echo "Name: " . $name . "<br>";
    echo "Age: " . $age;
}
Example Output:
Name: Rohan Age: 22
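A stricter version of the name/age handler above, as an added example that is not part of the original lesson: it checks that each field is a string, validates age with filter_var() instead of an (int) cast, and escapes the name on output. The helper names e() and validate_person(), the 0 to 150 age range, and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example: validate and escape the name/age form fields.
// e() and validate_person() are hypothetical helper names.

function e(string $value): string
{
    // Escape for HTML output, including single and double quotes.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function validate_person(array $input): array
{
    $errors = [];
    $name = $input['name'] ?? '';
    $age  = $input['age'] ?? '';

    // A request containing name[]=x makes the field an array, not a string.
    if (!is_string($name) || trim($name) === '') {
        $errors[] = 'Name is required';
        $name = '';
    }

    // FILTER_VALIDATE_INT rejects "abc" and "22years";
    // an (int) cast would silently turn them into 0 and 22.
    $range = ['options' => ['min_range' => 0, 'max_range' => 150]]; // assumed range
    $age = is_string($age) ? filter_var($age, FILTER_VALIDATE_INT, $range) : false;
    if ($age === false) {
        $errors[] = 'Age must be a whole number between 0 and 150';
    }

    return ['errors' => $errors, 'name' => trim($name), 'age' => $age];
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['name' => 'Rohan', 'age' => '22'],
    ['name' => '<b>Rohan</b>', 'age' => '22'],
    ['name' => 'Rohan', 'age' => '22years'],
    ['name' => ['x'], 'age' => '22'],
];

foreach ($samples as $post) {
    $result = validate_person($post);
    if ($result['errors']) {
        echo implode('; ', $result['errors']), "\n";
    } else {
        echo 'Name: ', e($result['name']), ' Age: ', $result['age'], "\n";
    }
}
```

In a real handler, pass $_POST to validate_person() in place of the sample arrays.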
Common Mistakes Beginners Make
1. Accessing Data Without isset()
echo $_POST['username']; // Warning
Fix:
if (isset($_POST['username']))
2. Using GET for Sensitive Data
<form method="get">
👉 Exposes passwords in the URL.
3. Not Sanitizing Input
echo $_POST['name'];
👉 Can allow XSS attacks.
Fix:
htmlspecialchars()
Practice Exercise
Task 1 (Easy)
Create a form:
- input: name
- method: POST
Print:
Hello Rohan
Task 2 (Medium)
Create a form:
- inputs: name, age
- validate both fields
Expected Output:
Name: Rohan Age: 22
Task 3 (Hard)
Create a login form:
- inputs: email, password
- use POST
- validate empty fields
Expected Output:
Login successful
(or validation message if empty)
Summary
In this lesson, you learned:
- how forms send data to PHP
- how $_GET and $_POST work
- when to use GET vs POST
- how to validate input
- how to prevent basic security issues