Working with HTML Forms in PHP

How to accept data posted from HTML forms by users with PHP.

Normal HTML Forms are used when submitting messages in guestbooks, and forums. They are also useful when creating password protected areas of a site.

Name Example

The below form is used to submit your name to a PHP Script, the script will then handle and display the name in your browser.

The name attribute on the input elements is the name of the $_POST arrays in PHP.

<form action="action.php" method="post">
 <p>Your name: <input type="text" name="name"></p>
 <p>Your last name: <input type="text" name="last"></p>
 <p><input type="submit"></p>
</form>

The PHP Script would then be named action.php, and its content would be:

<p>Hello <?php echo $_POST['name'] . $_POST['last']; ?></p>

Regular Expression

Its important to validate input from users, to avoid security issues. One of the best way to do this, is to use a Regular Expression to get rid of special characters. So we add the following If statement to the code:

if ((preg_match("/^[a-zA-Z]{3,100}$/D", $_POST['name'])) && (preg_match("/^[a-zA-Z]{3,100}$/D", $_POST['last']))) {

  <p>Hello <?php echo $_POST['name'] . $_POST['last']; ?></p>

}

Above regular expression [a-zA-Z] allows the string to contain both the uppercase and lowercase characters A to Z, while the {3,100} part tells that the string must be between 3 to 100 characters in length.

Htmlspecialchars Function

Those who don't like regular expressions can use this function, this will automatically convert some characters with special meaning, to their HTML entities.

<p>Hello <?php echo htmlspecialchars($_POST['name']) . htmlspecialchars($_POST['last']); ?></p>

The posted data was accessed through the $_POST superglobal, which will contain all post data. You can also submit using the get method in your form, in that case you simply use the $_GET superglobal instead.

Radio Buttons

A few ways of getting the value of Radiobuttons in PHP.

Getting the value of radio buttons is actually easy, each input should have a name assigned through the name attribute, we will use this in the $_POST array of PHP. So if we got the below form:

<form action="action.php" method="post">
<div><input type="radio" name="state" value="Active" checked="checked"><label>Active</label></div>
<div><input type="radio" name="state" value="Inactive"><label>Inactive/Disabled</label></div>
</form>

The PHP code used to get the value of the radio buttons would be:

<?php

if ($_POST['state'] == 'Active'){
  /* Do stuff Here */
} else {
  /* If state was either inactive or not Selected */
}

?>

We can then make a choice based upon if the radio button was checked, and/or which one that where checked.

You can also use the isset function to check if a field was left empty, this is done like below:

<?php

if (isset($_POST['state']) {
/* A Radio button was Selected */
} else {
/* A Radio button was not Selected
   so we exit the script without action. */
  echo 'Please make a Choice!';
  exit();
}

?>

If the checkbox was left empty, we simply tell the user to make a choice, and exit the script without action.

Post comment

Links that you insert are not nofollowed, but will be removed by admins if they are considered spam.

[url=Absolute URL for page]TITLE[/url]

You should insert code boxes around code examples, which will be automatically syntax highlighted.

[code1 html|css|javascript|php|sql]Your Code Here[/code1]

You may want to read our Privacy Policy before submitting your comment.