PHP FORM HANDLING

PHP FORMS

One of the most powerful features of PHP

is the way it handles HTML forms. The basic
concept that is important to understand is that
any form element will automatically be
available to your PHP scripts.
 PHP FORMS

Example: (sample.php) – Using POST method

<html>
<body>

<form action="welcome.php" method="post">

Name: <input type="text" name="name"><br>
Age: <input type="text" name="age"><br>
<input type="submit" name="submit">
</form>

</body>
</html>
 PHP FORMS

Example1: (sample.php) – Using POST method

<html>
<body>

<form action="welcome.php" method="post">

Name: <input type="text" name="name"><br>
Age: <input type="text" name="age"><br>
<input type="submit" name="submit">
Sample Output:
</form>

</body>
</html>
 PHP FORMS

When the user fills out the form and clicks

the submit button, the form data is sent for
processing to a PHP file named "welcome.php".

The form data is sent with the HTTP

POST method.
 PHP FORMS

To display the submitted data you could

simply echo all the variables. The
"welcome.php" looks like this:
<?php
echo "Your Name is:" . $_POST["name"];
echo "<br>";
echo "Your Age is:" . $_POST["age"];
?>
Sample Output:
 PHP FORMS

Example2: (sample.php) – Using GET method

<html>
<body>

<form action="welcome2.php" method="GET">

Name: <input type="text" name="name"><br>
Age: <input type="text" name="age"><br>
<input type="submit" name="submit">
Sample Output:
</form>

</body>
</html>
 PHP FORMS

When the user fills out the form and clicks

the submit button, the form data is sent for
processing to a PHP file named "welcome.php".

The form data is sent with the HTTP GET

method.
 PHP FORMS

To display the submitted data you could

simply echo all the variables. The
"welcome2.php" looks like this:
<?php
echo "Your Name is:" . $_GET["name"];
echo "<br>";
echo "Your Age is:" . $_GET["age"];
?>
Sample Output:
 GET vs. POST
Both GET and POST create an array
(e.g. array( key => value, key2 => value2,
key3 => value3, ...)). This array holds key/value
pairs, where keys are the names of the form
controls and values are the input data from the
user.
Both GET and POST are treated as $_GET
and $_POST. These are superglobals, which
means that they are always accessible,
regardless of scope - and you can access them
from any function, class or file without having to
do anything special.
 GET vs. POST

$_GET is an array of variables passed to

the current script via the URL parameters.

$_POST is an array of variables passed to

the current script via the HTTP POST method.
 The main points about POST method are as follows:

• The POST method is used to collect values from a form.

• The POST method has no limits on the amount of information to send because
URL lengths are unlimited.
• The POST method is the not default method for many browsers.
• In the POST method, the page and the encoded information are not separated by
the question mark (?) sign.
• In the POST method, the browser doesn't append the data onto the URL.
• The POST method is secure because information sent from a form with the GET
method is invisible to everyone.
• The POST method can be used to send binary data, like images or Word
documents, to the server.
• In the POST method, the data is sent as standard input.
• The POST method is slower than the GET method.
• PHP provides the $_POST associative array to access all the information sent using
12/28/2024 12
 • Why use $_POST?
– Variables sent with HTTP POST are not shown in
the URL
– Variables have no length limit
• However, because the variables are not displayed in
the URL, it is not possible to bookmark the page.

12/28/2024 13
 PHP $_GET
• The $_GET variable is an array of variable names and values
sent by the HTTP GET method.
– $_GET is an array of variables passed to the current script
via the URL parameters.
• The $_GET variable is used to collect values from a form with
method="get".
• Information sent from a form with the GET method is visible to
everyone (it will be displayed in the browser's address bar) and
it has limits on the amount of information to send (max. 2000
characters).
• Note: GET should NEVER be used for sending passwords or
other sensitive information
12/28/2024 14
 The main points about the GET method are as follows:

• The GET method is used to collect values in a form.

• GET method is used when the URL is sent to the server.
• GET method has limits on the amount of information to send because URL
lengths are limited.
• The Get method is used to retrieve web pages from the server.
• The GET method is the default method for many browsers.
• Data is sent as a part of the URL in 'name-value' pairs.
• In the GET method page and the encoded information are separated by the
question mark (?) sign.
• In the GET method, the browser appends the data onto the URL.
• The Get method is less secure because information sent from a form with the GET
method is visible to everyone (it will be displayed in the browser's address bar) .
• GET can't be used to send binary data, like images or word documents, to the
server.
12/28/2024 15
 The $_REQUEST Variable

• The PHP $_REQUEST variable contains the contents of

both $_GET, $_POST, and $_COOKIE.
• The PHP $_REQUEST variable can be used to get the
result from form data sent with both the GET and POST
methods.
• Example
Welcome <?php echo $_REQUEST["name"]; ?>.<br />
You are <?php echo $_REQUEST["age"]; ?> years old!

12/28/2024 16
 Processing Form in only one PHP File

Example: (onepage.php)

<form action= "onepage.php" method="GET">

Name: <input type="text" name="name"><br>
Age: <input type="text" name="age"><br>
<input type="submit" name="submit">
</form>
<?php
if (isset($_GET['submit']))
{
echo "Your Name is:" . $_GET["name"];
echo "<br>";
echo "Your Age is:" . $_GET["age"];
}
?>
 Processing Form in only one PHP File
Explanation:

You know about the if statement. But in

between the round brackets, we have isset( ).
This is an inbuilt function that checks if a variable
has been set or not. In between the round
brackets, you type what you want isset( ) to
check. For us, this is $_POST['Submit']. If the
user just refreshed the page, then no value will be
set for the Submit button. If the user did click the
Submit button, then PHP will automatically return
a value.
 Validate Form Data
• Required field will check whether the field is filled or not in
the proper way.
• What is Validation?
– Validation means check the input submitted by the user.
There are two types of validation are available in PHP.
They are as follows −
• Client-Side Validation − Validation is performed on the client
machine web browsers.
• Server Side Validation − After submitted by data, The data has
sent to a server and perform validation checks in server
machine.
12/28/2024 19
 Some of Validation rules for field

Field Validation Rules

Name Should required letters and white-spaces

Email Should required @ and .

Website Should required a valid URL

Radio Must be selectable at least once

Check Box Must be checkable at least once

Drop Down menu Must be selectable at least once

12/28/2024 20
 Form Validation/Required/Email/Complete
You’re probably already familiar with
the input element’s type attribute. This is the
attribute that determines what kind of form input
will be presented to the user.
If it is omitted—or in the case of new input
types and older browsers, not understood—it still
works; the input will default to type="text". This is
the key that makes HTML5 forms usable today
even if you’re still supporting older browsers. If
you use a new input type, such as email or
search, older browsers will simply present users
with a standard text field.
 The required Attribute

The required Attribute

- The required attribute is a boolean attribute.
- When present, it specifies that the element must
be filled out before submitting the form.

<form action= "onepage.php" method="POST">

Name: <input type="text" name="name"
required><br>
Age: <input type="text" name="age" required><br>
<input type="submit" name="submit">
</form>
 Form Validation (Number)

Input Type Number

The <input type="number"> defines a
numeric input field.

<form action= "onepage.php" method="POST">

Name: <input type="text" name="name" required><br>
Age: <input type="number" name="age"
required><br>
<input type="submit" name="submit">
</form>
 Form Validation (Number)

You can also set restrictions on what numbers

are accepted.

<form action= "onepage.php" method="POST">

Name: <input type="text" name="name" required><br>
Age: <input type="number" name="age" required min='20' max =
'30'><br>
<input type="submit" name="submit">
</form>
 Form Validation (Email)

Input Type Email

The <input type="email"> is used for input
fields that should contain an e-mail address.

<form action= "onepage.php" method="POST">

Email: <input type= "email" name= "email"
required><br>
<input type="submit" name="submit">
</form>
 Form Validation (Date)

Input Type Date

The <input type=“date"> is used for input
fields that should contain a date.

<form action= "onepage.php" method="POST">

Birthdate: <input type= "date" name= "bdate"
required><br>
<input type="submit" name="submit">
</form>
 Form Validation (URL)

Input Type Date

The <input type="url"> is used for input
fields that should contain a URL address.

<form action= "onepage.php" method="POST">

Website: <input type= "url" name= "url" required><br>
<input type="submit" name="submit">
</form>
Special symbols
• The preg_match() function searches a string for pattern, returning true if
the pattern exists, and false otherwise.
if (preg_match("/ard/", "Harding"))
echo "Matches";
Else
echo "No match";
Example: Valid URL
$website = input($_POST["site"]);
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?
=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i", $website))
{
$websiteErr = "Invalid URL";
}