{"id":79,"date":"2021-03-08T00:14:20","date_gmt":"2021-03-08T00:14:20","guid":{"rendered":"https:\/\/phptutorial.net\/?page_id=79"},"modified":"2025-04-07T08:35:33","modified_gmt":"2025-04-07T08:35:33","slug":"php-form","status":"publish","type":"page","link":"https:\/\/www.phptutorial.net\/php-tutorial\/php-form\/","title":{"rendered":"PHP Form"},"content":{"rendered":"\n<p><strong>Summary<\/strong>: in this tutorial, you will learn how HTML forms work and how to process form data in PHP.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id='introduction-to-php-form-processing'>Introduction to PHP form processing <a href=\"#introduction-to-php-form-processing\" class=\"anchor\" id=\"introduction-to-php-form-processing\" title=\"Anchor for Introduction to PHP form processing\">#<\/a><\/h2>\n\n\n\n<p>To create a web form, you use the <code>&lt;form&gt;<\/code> element as follows:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">&lt;form action=<span class=\"hljs-string\">\"form.php\"<\/span> method=<span class=\"hljs-string\">\"post\"<\/span>&gt;\n&lt;\/form&gt;<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>The <code>&lt;form&gt;<\/code> element has two important attributes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>action<\/code>: specifies the URL that processes the form submission. In this example, the <code>form.php<\/code> will process the form on the web server.<\/li>\n\n\n\n<li><code>method<\/code>: specifies the HTTP method for submitting the form. The most commonly used form methods are <code>POST<\/code> and <code>GET<\/code>. 
In this example, the form method is <code>post<\/code>.<\/li>\n<\/ul>\n\n\n\n<p>The form method is case-insensitive. It means that you can use either <code>post<\/code> or <code>POST<\/code>. If you don&#8217;t specify the <code>method<\/code> attribute, the form element will use the <code>get<\/code> method by default.<\/p>\n\n\n\n<p>Typically, a form has one or more input elements including input, password, <a href=\"https:\/\/phptutorial.net\/php-tutorial\/php-checkbox\/\">checkbox<\/a>, <a href=\"https:\/\/phptutorial.net\/php-tutorial\/php-radio-button\/\">radio button<\/a>, <a href=\"https:\/\/phptutorial.net\/php-tutorial\/php-select-option\/\">select<\/a>, <a href=\"https:\/\/phptutorial.net\/php-tutorial\/php-file-upload\/\">file upload<\/a>, etc. The input elements are often called form fields.<\/p>\n\n\n\n<p>An input element has the following important attributes <code>name<\/code>, <code>type<\/code>, and <code>value<\/code>. You will use the <code>name<\/code> attribute to access the&nbsp; <code>value<\/code> in PHP.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id='http-post-method'>HTTP POST method <a href=\"#http-post-method\" class=\"anchor\" id=\"http-post-method\" title=\"Anchor for HTTP POST method\">#<\/a><\/h3>\n\n\n\n<p>If a form uses the <code>POST<\/code> method, the web browser will include the form data in the HTTP request&#8217;s body. After submitting the form, you can access the form data in PHP via the <a href=\"https:\/\/phptutorial.net\/php-tutorial\/php-associative-arrays\/\">associative array<\/a> <code>$_POST<\/code> variable.<\/p>\n\n\n\n<p>For example, if a form has an input element with the name <code>email<\/code>, you can access the email value in PHP via the <code>$_POST['email']<\/code>. 
If the form doesn&#8217;t have an <code>email<\/code> input, the <code>$_POST<\/code> won&#8217;t have any element with the key <code>'email'<\/code>.<\/p>\n\n\n\n<p>To check if the form data contains the <code>email<\/code>, you use the <code><a href=\"https:\/\/phptutorial.net\/php-tutorial\/php-isset\/\">isset()<\/a><\/code> like this:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span>\n\n<span class=\"hljs-keyword\">if<\/span>(<span class=\"hljs-keyword\">isset<\/span>($_POST&#91;<span class=\"hljs-string\">'email'<\/span>])) {\n    <span class=\"hljs-comment\">\/\/ process email<\/span>\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>The following shows a form with an input element:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"HTML, XML\" data-shcb-language-slug=\"xml\"><span><code class=\"hljs language-xml\"><span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">form<\/span> <span class=\"hljs-attr\">action<\/span>=<span class=\"hljs-string\">\"form.php\"<\/span> <span class=\"hljs-attr\">method<\/span>=<span class=\"hljs-string\">\"post\"<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">div<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">label<\/span> <span class=\"hljs-attr\">for<\/span>=<span class=\"hljs-string\">\"email\"<\/span>&gt;<\/span>Email:<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">label<\/span>&gt;<\/span>\n        <span class=\"hljs-tag\">&lt;<span 
class=\"hljs-name\">input<\/span> <span class=\"hljs-attr\">type<\/span>=<span class=\"hljs-string\">\"email\"<\/span> <span class=\"hljs-attr\">id<\/span>=<span class=\"hljs-string\">\"email\"<\/span> <span class=\"hljs-attr\">name<\/span>=<span class=\"hljs-string\">\"email\"<\/span> \/&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">div<\/span>&gt;<\/span>\n    <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">button<\/span> <span class=\"hljs-attr\">type<\/span>=<span class=\"hljs-string\">\"submit\"<\/span>&gt;<\/span>Submit<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">button<\/span>&gt;<\/span>\n<span class=\"hljs-tag\">&lt;\/<span class=\"hljs-name\">form<\/span>&gt;<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">HTML, XML<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">xml<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>In the <code>form.php<\/code> file, you can access the <code>email<\/code> value as follows:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-4\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span>\n\n<span class=\"hljs-keyword\">if<\/span> (<span class=\"hljs-keyword\">isset<\/span>($_POST&#91;<span class=\"hljs-string\">'email'<\/span>])) {\n\tvar_dump($_POST&#91;<span class=\"hljs-string\">'email'<\/span>]);\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-4\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>The following shows how to create a simple 
form (<code>form.php<\/code>) with an email input field:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-5\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span> \n\n<span class=\"hljs-keyword\">if<\/span>($_SERVER&#91;<span class=\"hljs-string\">'REQUEST_METHOD'<\/span>] === <span class=\"hljs-string\">'POST'<\/span>) {\n    $email = $_POST&#91;<span class=\"hljs-string\">'email'<\/span>];\n    <span class=\"hljs-keyword\">echo<\/span> $email;\n}\n<span class=\"hljs-meta\">?&gt;<\/span>\n\n&lt;form action=<span class=\"hljs-string\">\"form.php\"<\/span> method=<span class=\"hljs-string\">\"post\"<\/span>&gt;\n    &lt;div&gt;\n        &lt;label <span class=\"hljs-keyword\">for<\/span>=<span class=\"hljs-string\">\"email\"<\/span>&gt;Email:&lt;\/label&gt;\n        &lt;input type=<span class=\"hljs-string\">\"email\"<\/span> id=<span class=\"hljs-string\">\"email\"<\/span> name=<span class=\"hljs-string\">\"email\"<\/span> \/&gt;\n    &lt;\/div&gt;\n    &lt;button type=<span class=\"hljs-string\">\"submit\"<\/span>&gt;Submit&lt;\/button&gt;\n&lt;\/form&gt;<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-5\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Output:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"502\" height=\"124\" src=\"https:\/\/phptutorial.net\/wp-content\/uploads\/2025\/04\/php-form-post.gif\" alt=\"php form post\" class=\"wp-image-3194\"\/><\/figure>\n\n\n\n<p>How it works.<\/p>\n\n\n\n<p>First, set the action of the form to <code>form.php<\/code>. 
When you enter an email and submit the form, the <code>form.php<\/code> will process it.<\/p>\n\n\n\n<p>Second, check if the form is posted, get the email from the <code>$_POST<\/code> variable and display it on the page:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-6\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span> \n\n<span class=\"hljs-keyword\">if<\/span>($_SERVER&#91;<span class=\"hljs-string\">'REQUEST_METHOD'<\/span>] === <span class=\"hljs-string\">'POST'<\/span>) {\n    $email = $_POST&#91;<span class=\"hljs-string\">'email'<\/span>];\n    <span class=\"hljs-keyword\">echo<\/span> $email;\n}\n<span class=\"hljs-meta\">?&gt;<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-6\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\" id='http-get-method'>HTTP GET method <a href=\"#http-get-method\" class=\"anchor\" id=\"http-get-method\" title=\"Anchor for HTTP GET method\">#<\/a><\/h3>\n\n\n\n<p>When a form uses the <code>GET<\/code> method, you can access the form data in PHP via the associative array <code>$_GET<\/code> variable.<\/p>\n\n\n\n<p>Unlike the <code>POST<\/code> method, the <code>GET<\/code> method appends the form data in the URL that processes the form. 
For example, suppose the URL that processes the form is search.php and the form has the term input field.<\/p>\n\n\n\n<p>When you enter a search term as <code>php<\/code> and submit the form, the web browser will append the search term to the URL like this: <code>\/search.php?term=php<\/code>.<\/p>\n\n\n\n<p>The following example creates a search form with an input field:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-7\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span> \n\n<span class=\"hljs-keyword\">if<\/span>($_SERVER&#91;<span class=\"hljs-string\">'REQUEST_METHOD'<\/span>] === <span class=\"hljs-string\">'GET'<\/span>) {\n    <span class=\"hljs-keyword\">if<\/span>(<span class=\"hljs-keyword\">isset<\/span>($_GET&#91;<span class=\"hljs-string\">'term'<\/span>])) {\n        <span class=\"hljs-comment\">\/\/ get the search term from the URL<\/span>\n        $term = $_GET&#91;<span class=\"hljs-string\">'term'<\/span>];\n\n        <span class=\"hljs-keyword\">if<\/span>($term){\n            <span class=\"hljs-comment\">\/\/ perform search and show the result<\/span>\n            <span class=\"hljs-keyword\">echo<\/span> <span class=\"hljs-string\">\"&lt;p&gt;The result of the search for: &lt;b&gt;$term&lt;\/b&gt;&lt;\/p&gt;\"<\/span>;\n        }\n    }\n}\n<span class=\"hljs-meta\">?&gt;<\/span>\n\n\n&lt;form action=<span class=\"hljs-string\">\"search.php\"<\/span> method=<span class=\"hljs-string\">\"get\"<\/span>&gt;\n    &lt;div&gt;\n        &lt;label <span class=\"hljs-keyword\">for<\/span>=<span class=\"hljs-string\">\"term\"<\/span>&gt;Search:&lt;\/label&gt;\n        &lt;input type=<span class=\"hljs-string\">\"search\"<\/span> name=<span class=\"hljs-string\">\"term\"<\/span> placeholder=<span class=\"hljs-string\">\"Enter search term\"<\/span>&gt;\n        &lt;button type=<span class=\"hljs-string\">\"submit\"<\/span>&gt;Search&lt;\/button&gt;\n 
   &lt;\/div&gt;\n&lt;\/form&gt;<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-7\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Output:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"602\" height=\"124\" src=\"https:\/\/phptutorial.net\/wp-content\/uploads\/2025\/04\/php-form-get.gif\" alt=\"\" class=\"wp-image-3196\"\/><\/figure>\n\n\n\n<p>How it works.<\/p>\n\n\n\n<p>First, the form includes a field called term. It uses the GET HTTP method. When you submit the form, search.php will process the form data.<\/p>\n\n\n\n<p>Second, check if the HTTP request is GET using <code>$_SERVER['REQUEST_METHOD']<\/code>:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-8\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-keyword\">if<\/span>($_SERVER&#91;<span class=\"hljs-string\">'REQUEST_METHOD'<\/span>] === <span class=\"hljs-string\">'GET'<\/span>) {<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-8\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>If the form has multiple input elements, the web browser will append the input fields to the URL in the following format:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-9\" data-shcb-language-name=\"plaintext\" data-shcb-language-slug=\"plaintext\"><span><code class=\"hljs language-plaintext\">\/search.php?name1=value1&amp;name2=value2&amp;name3=value3<\/code><\/span><small 
class=\"shcb-language\" id=\"shcb-language-9\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">plaintext<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">plaintext<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Third, check if the request has the term by accessing the <code>$_GET['term']<\/code> variable:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-10\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-keyword\">if<\/span>(<span class=\"hljs-keyword\">isset<\/span>($_GET&#91;<span class=\"hljs-string\">'term'<\/span>])) {<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-10\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Finally, get the search term and display it on the page if it is not empty:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-11\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">$term = $_GET&#91;<span class=\"hljs-string\">'term'<\/span>];\n\n<span class=\"hljs-keyword\">if<\/span>($term) {\n   <span class=\"hljs-comment\">\/\/ perform search and show the result<\/span>\n   <span class=\"hljs-keyword\">echo<\/span> <span class=\"hljs-string\">\"&lt;p&gt;The result of the search for: &lt;b&gt;$term&lt;\/b&gt;&lt;\/p&gt;\"<\/span>;\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-11\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span 
class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Note that both <code>$_POST<\/code> and <code>$_GET<\/code> arrays are superglobal variables. It means that you can access them anywhere in the script.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id='http-get-or-post-method'>HTTP GET or POST method <a href=\"#http-get-or-post-method\" class=\"anchor\" id=\"http-get-or-post-method\" title=\"Anchor for HTTP GET or POST method\">#<\/a><\/h3>\n\n\n\n<p>In general, you should use the <code>GET<\/code> method when the form only retrieves data from the server. For example, a search form that allows users to search for information should use the <code>GET<\/code> method.<\/p>\n\n\n\n<p>You should use the <code>POST<\/code> method when you have a form that causes a change in the server. For example, a form that allows users to subscribe to a newsletter should use the <code>POST<\/code> method.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id='escaping-the-output'>Escaping the output <a href=\"#escaping-the-output\" class=\"anchor\" id=\"escaping-the-output\" title=\"Anchor for Escaping the output\">#<\/a><\/h2>\n\n\n\n<p>In the examples above, both forms display the form data directly. 
However, the page is not secure because malicious users can intentionally inject JavaScript code into the data.<\/p>\n\n\n\n<p>For example, if the following JavaScript code is entered in the <code>term<\/code> field and the form is submitted&#8230;<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-12\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">&lt;script&gt;alert(<span class=\"hljs-string\">'Hello'<\/span>);&lt;\/script&gt;<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-12\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>&#8230;you&#8217;ll see that the page displays an <a href=\"https:\/\/www.javascripttutorial.net\/javascript-bom\/javascript-alert\/\" target=\"_blank\" rel=\"noreferrer noopener\">alert<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"523\" height=\"182\" src=\"https:\/\/phptutorial.net\/wp-content\/uploads\/2025\/04\/php-form-xss-attack.gif\" alt=\"php form xss attack\" class=\"wp-image-3197\"\/><\/figure>\n\n\n\n<p>Imagine that the script doesn&#8217;t just show an alert but redirects users to a malicious page that mimics the legitimate page. Users may enter credential information like username\/password there and lose it. 
This type of attack is called <a href=\"https:\/\/owasp.org\/www-community\/attacks\/xss\/\" target=\"_blank\" rel=\"noreferrer noopener\">cross-site scripting (XSS) attack<\/a>.<\/p>\n\n\n\n<p>To prevent XSS attacks, before displaying user input on a webpage, you should always escape the data using the <code>htmlspecialchars()<\/code> function.<\/p>\n\n\n\n<p>For example, the following form shows how to use the <code>htmlspecialchars<\/code> function to display the search term on the page:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-13\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span> \n\n<span class=\"hljs-keyword\">if<\/span>($_SERVER&#91;<span class=\"hljs-string\">'REQUEST_METHOD'<\/span>] === <span class=\"hljs-string\">'GET'<\/span>) {\n    <span class=\"hljs-keyword\">if<\/span>(<span class=\"hljs-keyword\">isset<\/span>($_GET&#91;<span class=\"hljs-string\">'term'<\/span>])) {\n        <span class=\"hljs-comment\">\/\/ get the search term from the URL<\/span>\n        $term = $_GET&#91;<span class=\"hljs-string\">'term'<\/span>];\n\n        <span class=\"hljs-keyword\">if<\/span>($term) {\n            $clean_term = htmlspecialchars($term, ENT_QUOTES, <span class=\"hljs-string\">'UTF-8'<\/span>);\n            <span class=\"hljs-comment\">\/\/ perform search and show the result<\/span>\n            <span class=\"hljs-keyword\">echo<\/span> <span class=\"hljs-string\">\"&lt;p&gt;The result of the search for &lt;b&gt;$clean_term&lt;\/b&gt;:&lt;\/p&gt;\"<\/span>;\n        }\n    }\n}\n<span class=\"hljs-meta\">?&gt;<\/span>\n\n\n&lt;form action=<span class=\"hljs-string\">\"search.php\"<\/span> method=<span class=\"hljs-string\">\"get\"<\/span>&gt;\n    &lt;div&gt;\n        &lt;label <span class=\"hljs-keyword\">for<\/span>=<span class=\"hljs-string\">\"term\"<\/span>&gt;Search:&lt;\/label&gt;\n        &lt;input type=<span 
class=\"hljs-string\">\"search\"<\/span> name=<span class=\"hljs-string\">\"term\"<\/span> placeholder=<span class=\"hljs-string\">\"Enter search term\"<\/span>&gt;\n        &lt;button type=<span class=\"hljs-string\">\"submit\"<\/span>&gt;Search&lt;\/button&gt;\n    &lt;\/div&gt;\n&lt;\/form&gt;<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-13\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>If you enter the following term and submit the form, the page will display the term correctly and safely without executing the JavaScript code:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-14\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">&lt;script&gt;alert(<span class=\"hljs-string\">'Hello'<\/span>);&lt;\/script&gt;<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-14\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"541\" height=\"131\" src=\"https:\/\/phptutorial.net\/wp-content\/uploads\/2025\/04\/php-form-htmlspecialchars.gif\" alt=\"php form htmlspecialchars\" class=\"wp-image-3199\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id='php-self-processing-form'>PHP self-processing form <a href=\"#php-self-processing-form\" class=\"anchor\" id=\"php-self-processing-form\" title=\"Anchor for PHP self-processing form\">#<\/a><\/h2>\n\n\n\n<p>Sometimes, you want to include form and logic for handling form submission in a 
single PHP file. This form is often referred to as a self-processing form.<\/p>\n\n\n\n<p>To create a self-processing form, you can use the <code>$_SERVER['REQUEST_METHOD']<\/code> that returns the request method, e.g., <code>GET<\/code> or <code>POST<\/code>.<\/p>\n\n\n\n<p>If the <code>$_SERVER['REQUEST_METHOD']<\/code>&nbsp; is GET, you show the form. And if the <code>$_SERVER['REQUEST_METHOD']<\/code>&nbsp; is POST, you process it.<\/p>\n\n\n\n<p>Suppose we have a page called <code>form.php<\/code>:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-15\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span> \n\n<span class=\"hljs-keyword\">if<\/span>($_SERVER&#91;<span class=\"hljs-string\">'REQUEST_METHOD'<\/span>] === <span class=\"hljs-string\">'POST'<\/span>) {\n    $email = $_POST&#91;<span class=\"hljs-string\">'email'<\/span>];\n    <span class=\"hljs-keyword\">echo<\/span> $email;\n}\n<span class=\"hljs-meta\">?&gt;<\/span>\n\n&lt;form action=<span class=\"hljs-string\">\"form.php\"<\/span> method=<span class=\"hljs-string\">\"post\"<\/span>&gt;\n    &lt;div&gt;\n        &lt;label <span class=\"hljs-keyword\">for<\/span>=<span class=\"hljs-string\">\"email\"<\/span>&gt;Email:&lt;\/label&gt;\n        &lt;input type=<span class=\"hljs-string\">\"email\"<\/span> id=<span class=\"hljs-string\">\"email\"<\/span> name=<span class=\"hljs-string\">\"email\"<\/span> \/&gt;\n        &lt;button type=<span class=\"hljs-string\">\"submit\"<\/span>&gt;Submit&lt;\/button&gt;\n    &lt;\/div&gt;\n   \n&lt;\/form&gt;<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-15\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>The 
action of the form is <code>form.php<\/code>.<\/p>\n\n\n\n<p>This means that when you rename <code>form.php<\/code> to another name such as <code>email.php<\/code>, you have to change the <code>action<\/code> of the form to <code>email.php<\/code>. This is not convenient.<\/p>\n\n\n\n<p>PHP provides a variable <code>$_SERVER['PHP_SELF']<\/code> that returns the filename of the currently executing script:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-16\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">$_SERVER&#91;<span class=\"hljs-string\">'PHP_SELF'<\/span>]<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-16\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>If the currently executing script is <code>form.php<\/code>, the <code>$_SERVER['PHP_SELF']<\/code> will return <code>form.php<\/code>. 
This allows you to always submit to the same page even if the file name (<code>form.php<\/code>) changes:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-17\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span> \n\n<span class=\"hljs-keyword\">if<\/span>($_SERVER&#91;<span class=\"hljs-string\">'REQUEST_METHOD'<\/span>] === <span class=\"hljs-string\">'POST'<\/span>) {\n    $email = $_POST&#91;<span class=\"hljs-string\">'email'<\/span>];\n    <span class=\"hljs-keyword\">echo<\/span> htmlspecialchars($email);\n}\n<span class=\"hljs-meta\">?&gt;<\/span>\n\n\n&lt;form action=<span class=\"hljs-string\">\"&lt;?php echo $_SERVER&#91;'PHP_SELF']; ?&gt;\"<\/span> method=<span class=\"hljs-string\">\"post\"<\/span>&gt;\n    &lt;div&gt;\n        &lt;label <span class=\"hljs-keyword\">for<\/span>=<span class=\"hljs-string\">\"email\"<\/span>&gt;Email:&lt;\/label&gt;\n        &lt;input type=<span class=\"hljs-string\">\"email\"<\/span> name=<span class=\"hljs-string\">\"email\"<\/span>&gt;\n    &lt;\/div&gt;\n&lt;\/form&gt;<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-17\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>However, this code is also not secure: <code>$_SERVER['PHP_SELF']<\/code> includes any extra path that follows the script name in the request URL, so echoing it without escaping makes the form vulnerable to a cross-site scripting (XSS) attack. 
For example, if you append the following string to the url:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-18\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">\/%<span class=\"hljs-number\">27<\/span>%<span class=\"hljs-number\">22<\/span>\/%<span class=\"hljs-number\">3<\/span>E%<span class=\"hljs-number\">3<\/span>Cscript%<span class=\"hljs-number\">3<\/span>Ealert(<span class=\"hljs-string\">'XSS Attack'<\/span>)%<span class=\"hljs-number\">3<\/span>C\/script%<span class=\"hljs-number\">3<\/span>E<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-18\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>such as:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-19\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">\/form.php\/%<span class=\"hljs-number\">27<\/span>%<span class=\"hljs-number\">22<\/span>\/%<span class=\"hljs-number\">3<\/span>E%<span class=\"hljs-number\">3<\/span>Cscript%<span class=\"hljs-number\">3<\/span>Ealert(<span class=\"hljs-string\">'XSS Attack'<\/span>)%<span class=\"hljs-number\">3<\/span>C\/script%<span class=\"hljs-number\">3<\/span>E<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-19\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>You&#8217;ll see an alert. 
It means that you have successfully injected JavaScript code into the form:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"706\" height=\"178\" src=\"https:\/\/phptutorial.net\/wp-content\/uploads\/2025\/04\/php-form-self-processing-form-xss-attack.gif\" alt=\"php form self-processing form xss attack\" class=\"wp-image-3200\"\/><\/figure>\n\n\n\n<p>To prevent this XSS attack, you can use the <code>htmlspecialchars()<\/code> function:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-20\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span> \n\n<span class=\"hljs-keyword\">if<\/span>($_SERVER&#91;<span class=\"hljs-string\">'REQUEST_METHOD'<\/span>] === <span class=\"hljs-string\">'POST'<\/span>) {\n    $email = $_POST&#91;<span class=\"hljs-string\">'email'<\/span>];\n    <span class=\"hljs-keyword\">echo<\/span> htmlspecialchars($email);\n}\n<span class=\"hljs-meta\">?&gt;<\/span>\n\n\n&lt;form action=<span class=\"hljs-string\">\"&lt;?php echo htmlspecialchars($_SERVER&#91;'PHP_SELF']) ?&gt;\"<\/span> \n      method=<span class=\"hljs-string\">\"post\"<\/span>&gt;\n    &lt;div&gt;\n        &lt;label <span class=\"hljs-keyword\">for<\/span>=<span class=\"hljs-string\">\"email\"<\/span>&gt;Email:&lt;\/label&gt;\n        &lt;input type=<span class=\"hljs-string\">\"email\"<\/span> name=<span class=\"hljs-string\">\"email\"<\/span>&gt;\n    &lt;\/div&gt;\n&lt;\/form&gt;<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-20\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h2 class=\"wp-block-heading\" id='organizing-code'>Organizing code <a href=\"#organizing-code\" 
class=\"anchor\" id=\"organizing-code\" title=\"Anchor for Organizing code\">#<\/a><\/h2>\n\n\n\n<p>To make the code more organized, you can create the following file &amp; directory structure:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-21\" data-shcb-language-name=\"plaintext\" data-shcb-language-slug=\"plaintext\"><span><code class=\"hljs language-plaintext\">.\n\u251c\u2500\u2500 css\n\u2502   \u2514\u2500\u2500 style.css\n\u251c\u2500\u2500 inc\n\u2502   \u251c\u2500\u2500 header.php\n\u2502   \u251c\u2500\u2500 footer.php\n\u2502   \u251c\u2500\u2500 get.php\n\u2502   \u251c\u2500\u2500 post.php\n\u2502   \u2514\u2500\u2500 .htaccess      \n\u2514\u2500\u2500 index.php<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-21\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">plaintext<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">plaintext<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>The <code>index.php<\/code> file in the root directory will include the <code>header.php<\/code> and <code>footer.php<\/code>.<\/p>\n\n\n\n<p>If the request method is <code>GET<\/code>, the <code>index.php<\/code> file loads the form in the <code>get.php<\/code> file. Otherwise, it loads the code from the <code>post.php<\/code> file for processing the <code>POST<\/code> request.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id='index-php'>index.php <a href=\"#index-php\" class=\"anchor\" id=\"index-php\" title=\"Anchor for index.php\">#<\/a><\/h3>\n\n\n\n<p>The following shows the <code>index.php<\/code> file:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-22\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span>\n\n<span class=\"hljs-keyword\">require<\/span> <span class=\"hljs-keyword\">__DIR__<\/span> . 
<span class=\"hljs-string\">'\/inc\/header.php'<\/span>;\n\n$request_method = strtoupper($_SERVER&#91;<span class=\"hljs-string\">'REQUEST_METHOD'<\/span>]);\n\n<span class=\"hljs-keyword\">if<\/span> ($request_method === <span class=\"hljs-string\">'GET'<\/span>) {\n\t<span class=\"hljs-keyword\">require<\/span> <span class=\"hljs-keyword\">__DIR__<\/span> . <span class=\"hljs-string\">'\/inc\/get.php'<\/span>;\n} <span class=\"hljs-keyword\">elseif<\/span> ($request_method === <span class=\"hljs-string\">'POST'<\/span>) {\n\t<span class=\"hljs-keyword\">require<\/span> <span class=\"hljs-keyword\">__DIR__<\/span> .  <span class=\"hljs-string\">'\/inc\/post.php'<\/span>;\n}\n\n<span class=\"hljs-keyword\">require<\/span> <span class=\"hljs-keyword\">__DIR__<\/span> .  <span class=\"hljs-string\">'\/inc\/footer.php'<\/span>;<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-22\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\" id='header-php'>header.php <a href=\"#header-php\" class=\"anchor\" id=\"header-php\" title=\"Anchor for header.php\">#<\/a><\/h3>\n\n\n\n<p>The <code>header.php<\/code> file contains the first part of the page:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-23\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">&lt;!DOCTYPE html&gt;\n&lt;html lang=<span class=\"hljs-string\">\"en\"<\/span>&gt;\n&lt;head&gt;\n    &lt;meta charset=<span class=\"hljs-string\">\"UTF-8\"<\/span>&gt;\n    &lt;meta name=<span class=\"hljs-string\">\"viewport\"<\/span> content=<span class=\"hljs-string\">\"width=device-width, initial-scale=1.0\"<\/span>&gt;\n    &lt;link rel=<span class=\"hljs-string\">\"stylesheet\"<\/span> 
href=<span class=\"hljs-string\">\"css\/style.css\"<\/span>&gt;\n    &lt;title&gt;PHP Form&lt;\/title&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n    &lt;main&gt;<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-23\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\" id='footer-php'>footer.php <a href=\"#footer-php\" class=\"anchor\" id=\"footer-php\" title=\"Anchor for footer.php\">#<\/a><\/h3>\n\n\n\n<p>The <code>footer.php<\/code> file contains the enclosing tags of the page:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-24\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">&lt;\/main&gt;\n&lt;\/body&gt;\n\n&lt;\/html&gt;<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-24\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\" id='get-php'>get.php <a href=\"#get-php\" class=\"anchor\" id=\"get-php\" title=\"Anchor for get.php\">#<\/a><\/h3>\n\n\n\n<p>The <code>get.php<\/code> file contains the form:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-25\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">&lt;form action=<span class=\"hljs-string\">\"&lt;?php echo htmlspecialchars($_SERVER&#91;'PHP_SELF']) ?&gt;\"<\/span> \n      method=<span class=\"hljs-string\">\"post\"<\/span>&gt;\n    &lt;div&gt;\n        &lt;label <span class=\"hljs-keyword\">for<\/span>=<span 
class=\"hljs-string\">\"email\"<\/span>&gt;Email:&lt;\/label&gt;\n        &lt;input type=<span class=\"hljs-string\">\"email\"<\/span> name=<span class=\"hljs-string\">\"email\"<\/span>&gt;\n        &lt;button type=<span class=\"hljs-string\">\"submit\"<\/span>&gt;Submit&lt;\/button&gt; \n    &lt;\/div&gt;\n&lt;\/form&gt;<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-25\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\" id='post-php'>post.php <a href=\"#post-php\" class=\"anchor\" id=\"post-php\" title=\"Anchor for post.php\">#<\/a><\/h3>\n\n\n\n<p>The following shows the <code>post.php<\/code> file that handles the form submission:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-26\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-meta\">&lt;?php<\/span> \n\n<span class=\"hljs-keyword\">if<\/span>($_SERVER&#91;<span class=\"hljs-string\">'REQUEST_METHOD'<\/span>] === <span class=\"hljs-string\">'POST'<\/span>) {\n    $email = $_POST&#91;<span class=\"hljs-string\">'email'<\/span>];\n    <span class=\"hljs-keyword\">echo<\/span> htmlspecialchars($email);\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-26\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\" id='htaccess'>.htaccess <a href=\"#htaccess\" class=\"anchor\" id=\"htaccess\" title=\"Anchor for .htaccess\">#<\/a><\/h3>\n\n\n\n<p>The <code>.htaccess<\/code> file prevents direct 
access to the files in the <code>inc<\/code> directory. It&#8217;s relevant only to the Apache webserver.<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-27\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">Deny from all<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-27\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>By using the .htaccess file, you cannot browse the file directly from the <code>inc<\/code> folder.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id='summary'>Summary <a href=\"#summary\" class=\"anchor\" id=\"summary\" title=\"Anchor for Summary\">#<\/a><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use the <code>&lt;form&gt;<\/code> tag to create an HTML form.<\/li>\n\n\n\n<li>Specify the URL that processes the form submission in the <code>action<\/code> attribute.<\/li>\n\n\n\n<li>Use either <code>GET<\/code> or <code>POST<\/code> method for the <code>method<\/code> attribute of the form for submission.<\/li>\n\n\n\n<li>Use the <code>$_GET<\/code> or <code>$_POST<\/code> to access the form data.<\/li>\n\n\n\n<li>Use the <code>htmlspecialchars()<\/code> function to escape the user input before showing it on a webpage.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, you will learn how HTML forms work and how to process form data in 
PHP.<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":15,"menu_order":82,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-79","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages\/79","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/comments?post=79"}],"version-history":[{"count":5,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages\/79\/revisions"}],"predecessor-version":[{"id":3203,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages\/79\/revisions\/3203"}],"up":[{"embeddable":true,"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/pages\/15"}],"wp:attachment":[{"href":"https:\/\/www.phptutorial.net\/wp-json\/wp\/v2\/media?parent=79"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}