PHP Tutorials
WhatsApp Channel
Join
Facebook Page
Follow

PHP Forms Handling

📘 PHP 👁 37 views 📅 Dec 22, 2025
⏱ Estimated reading time: 3 min

What is Form Handling in PHP?

Form handling in PHP means collecting data from HTML forms and processing it on the server using PHP. Forms are widely used for login pages, registrations, feedback forms, and contact forms.

PHP supports form data submission using GET and POST methods.

Basic HTML Form Example

<form method="post" action="process.php">
    <input type="text" name="username" placeholder="Enter Name">
    <input type="email" name="email" placeholder="Enter Email">
    <input type="submit" value="Submit">
<!-->

Form Submission Methods in PHP

1. GET Method

  • Data is sent via URL

  • Not secure

  • Limited data size

  • Suitable for search forms

Example:

<form method="get" action="process.php">
    <input type="text" name="name">
    <input type="submit">
<!-->

<!--?php
echo $_GET['name'];
?>

2. POST Method

  • Data is sent in the request body

  • More secure

  • No data size limitation

  • Recommended for sensitive data

Example:

<form method="post" action="process.php">
    <input type="text" name="name">
    <input type="submit">
<!-->

<!--?php
echo $_POST['name'];
?>

$_REQUEST Superglobal

The $_REQUEST array can collect data from GET, POST, and COOKIE.

<!--?php
echo $_REQUEST['name'];
?>

⚠️ Not recommended for secure applications.

Handling Form Data Safely

Always check if the form is submitted before accessing values.

<!--?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = $_POST['name'];
    echo $name;
}
?>

Form Validation in PHP

Required Field Validation

if (empty($_POST['name'])) {
    echo "Name is required";
}

Email Validation

$email = $_POST['email'];
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Invalid email format";
}

Sanitizing User Input

To protect against XSS attacks, sanitize input data.

$name = htmlspecialchars($_POST['name']);
$email = htmlspecialchars($_POST['email']);

Complete Form Handling Example

HTML Form

<form method="post" action="">
    <input type="text" name="name" placeholder="Name">
    <input type="email" name="email" placeholder="Email">
    <input type="submit" name="submit">
<!-->

PHP Processing Code

<!--?php
if (isset($_POST['submit'])) {
    $name  = htmlspecialchars($_POST['name']);
    $email = htmlspecialchars($_POST['email']);

    echo "Name: $name
";
    echo "Email: $email";
}
?>

Preventing Common Security Issues

SQL Injection Protection

Use prepared statements.

$stmt = $pdo->prepare("INSERT INTO users (name, email) VALUES (?, ?)");
$stmt->execute([$name, $email]);

CSRF Protection (Basic Example)

$_SESSION['token'] = bin2hex(random_bytes(32));

File Upload Using Forms (Basic)

<form method="post" enctype="multipart/form-data">
    <input type="file" name="file">
    <input type="submit">
<!-->

<!--?php
move_uploaded_file($_FILES['file']['tmp_name'], "uploads/" . $_FILES['file']['name']);
?>

Best Practices for PHP Form Handling

  • Always validate input

  • Sanitize user data

  • Use POST for sensitive data

  • Avoid using $_REQUEST

  • Use HTTPS

  • Handle errors properly

Conclusion

PHP form handling is a core skill for web development. By properly validating and sanitizing user inputs, you can build secure and reliable web applications.

🔒 Some advanced sections are available for Registered Members
Register Now
← Previous
PHP Functions
Next →
PHP Superglobals
Share this Post
🚀 Want to Test Your Knowledge?

Take quizzes related to this topic and see where you stand!

Start Quiz Now
← Back to Tutorials

Popular Competitive Exam Quizzes

GK/GS Quiz | UPSC Exam Quiz | English Grammar Basics Quiz | Science Quiz