PHP Form Submission | PHP Tutorial - Learn with VOKS
Advance AI Bootstrap C C++ Computer Vision Content Writing CSS Cyber Security Data Analysis Deep Learning Email Marketing Excel Figma HTML Java Script Machine Learning MySQLi Node JS PHP Power Bi Python Python for AI Python for Analysis React React Native SEO SMM SQL
Back Next
PHP
01. Introduction 02. PHP Configuration 03. PHP CRUD (Create, Read, Update, Delete) 04. PHP Error Handling 05. PHP Form Submission 06. Login System 07. PHP Comments

PHP Form Submission

HTML Form Basics

Example:

<form action="process.php" method="post">
    Name: <input type="text" name="name"><br><br>
    Email: <input type="email" name="email"><br><br>
    <input type="submit" value="Submit">
</form>


GET vs POST Methods

Key Notes:

  • Use POST for sensitive data (passwords, personal info).
  • GET appends data to the URL, visible to users.


Accessing Form Data in PHP

  • POST data: $_POST['field_name']
  • GET data: $_GET['field_name']
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = $_POST['name'];
    $email = $_POST['email'];

    echo "Name: $name <br>";
    echo "Email: $email <br>";
}
?>
  • $_SERVER["REQUEST_METHOD"] ensures the form was submitted via POST.


Validating Form Data

Validation ensures data is safe and correct before processing:

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = trim($_POST['name']);   // Remove extra spaces
    $email = trim($_POST['email']);

    // Check if fields are empty
    if (empty($name) || empty($email)) {
        echo "All fields are required!";
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo "Invalid email format!";
    } else {
        echo "Form submitted successfully.<br>";
        echo "Name: $name <br>Email: $email";
    }
}
?>

Notes:

  • trim() removes whitespace
  • filter_var() validates email, URLs, etc.
  • Always validate server-side, even if you have client-side validation.


Preventing XSS (Cross-Site Scripting)

Use htmlspecialchars() to convert special characters:

$name = htmlspecialchars($_POST['name']);
$email = htmlspecialchars($_POST['email']);

This prevents users from injecting malicious scripts.


Sticky Forms (Keep Data After Submission)

<form method="post">
    Name: <input type="text" name="name" value="<?php echo isset($_POST['name']) ? htmlspecialchars($_POST['name']) : ''; ?>"><br><br>
    Email: <input type="email" name="email" value="<?php echo isset($_POST['email']) ? htmlspecialchars($_POST['email']) : ''; ?>"><br><br>
    <input type="submit" value="Submit">
</form>
  • Useful when validation fails; the user doesn’t have to retype data.


File Uploads via Forms

<form method="post" enctype="multipart/form-data">
    Select file: <input type="file" name="file"><br><br>
    <input type="submit" name="upload" value="Upload">
</form>

<?php
if(isset($_POST['upload'])){
    $target_dir = "uploads/";
    $target_file = $target_dir . basename($_FILES["file"]["name"]);

    if(move_uploaded_file($_FILES["file"]["tmp_name"], $target_file)){
        echo "File uploaded successfully!";
    } else {
        echo "Error uploading file.";
    }
}
?>

Notes:

  • $_FILES['file']['tmp_name'] → Temporary location
  • move_uploaded_file() → Move to permanent location
  • Always validate file type and size for security


Features of this example:

  • Validates all fields
  • Displays errors inline
  • Prevents XSS attacks using htmlspecialchars()
  • Shows success message when submitted


Practice Example: Complete PHP Form Submission

Example Code:
<?php
// Handle form submission
$name = $email = $message = "";
$nameErr = $emailErr = $messageErr = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Name validation
    if(empty($_POST["name"])){
        $nameErr = "Name is required";
    } else {
        $name = htmlspecialchars($_POST["name"]);
    }

    // Email validation
    if(empty($_POST["email"])){
        $emailErr = "Email is required";
    } elseif(!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)){
        $emailErr = "Invalid email format";
    } else {
        $email = htmlspecialchars($_POST["email"]);
    }

    // Message validation
    if(empty($_POST["message"])){
        $messageErr = "Message is required";
    } else {
        $message = htmlspecialchars($_POST["message"]);
    }

    // Display success if no errors
    if(empty($nameErr) && empty($emailErr) && empty($messageErr)){
        echo "<h3>Form Submitted Successfully!</h3>";
        echo "Name: $name <br>Email: $email <br>Message: $message";
    }
}
?>

<h2>Contact Form</h2>
<form method="post">
    Name: <input type="text" name="name" value="<?php echo $name; ?>">
    <span style="color:red;"><?php echo $nameErr; ?></span><br><br>
    
    Email: <input type="email" name="email" value="<?php echo $email; ?>">
    <span style="color:red;"><?php echo $emailErr; ?></span><br><br>
    
    Message: <textarea name="message"><?php echo $message; ?></textarea>
    <span style="color:red;"><?php echo $messageErr; ?></span><br><br>
    
    <input type="submit" value="Submit">
</form>
PHP
Introduction PHP Configuration PHP CRUD (Create, Read, Update, Delete) PHP Error Handling PHP Form Submission Login System PHP Comments
All Courses
Advance AI Bootstrap C C++ Computer Vision Content Writing CSS Cyber Security Data Analysis Deep Learning Email Marketing Excel Figma HTML Java Script Machine Learning MySQLi Node JS PHP Power Bi Python Python for AI Python for Analysis React React Native SEO SMM SQL