Php form submit methods example

We often develop web form to capture user data, form can be submitted using two different methods, post and get.

In this tutorial you will learn how to submit form in php application, and also how to capture data from php form, and then to submit to database.

Form methods in php

Let's understand how to retrieve HTML Form data in PHP web application, we will learn php form submit methods get and post, you will see the difference between get and post method in php form.

Here we design two php form with different method type, will see how to retrieve data when the form is posted or submitted.

Php form Get method example

Following form has two fields and the method is set to GET

<form action="contact-us.php" method="get">
 Name: <input type="text" id="fullname" />
 Email: <input type="text" id="email" />
    <input type="submit" value="Subscribe"/>
</form>

Now when the form is submitted, we will be able to capture value in following code.

Note: we have used a isset() function, The isset() function return false if testing variable contains a NULL value.

<?php
// Check if the form is submitted 
 if (isset($_GET['submit'])) 
{ 
	$personName =  $_GET['fullname']; 	 
	$email =  $_GET['email']; 	 
} 
?>

Notice : when any form is submitted with method=”get”, you will be able to see all submitted values in query string with field name.

Php form Post method example

Following form has two fields and the method is set to POST

<form action="contact-us.php" method="post">
 Name: <input type="text" id="fullname" />
 Email: <input type="text" id="email" />
 <input type="submit" value="Subscribe"/>
</form>

Now we retrieve form data in PHP code when form is submitted with POST method, with post methods form values are posted to server.

Note: you won’t be able to see values in query string like in GET method

<?php
 // Check if the form is submitted 
 if (isset(  $_POST['submit'] )) 
 { 
	 $personName =  $_POST['fullname']; 	 
	 $email =  $_POST['email']; 	 
 } 
?>

add anti forgery token (CSRF) in PHP form post

So far we have seen how to post form in php application, but above example is not very secure way of submitting form, we must consider how to protect from cross-site request, so people can't make fake request.

First, we learn how to create anti forgery token in php script.

    session_start();
    if (empty($_SESSION['requestToken'])) {
        $_SESSION['requestToken'] = bin2hex(random_bytes(32));
    }
    $receivedToken = $_SESSION['requestToken'];

Now add this token to hidden field of your form.

    <input type="hidden" name="requestToken" value="<?php echo $receivedToken; ?>" />

Now to receive and check if the request is valid or not, use following code.

if (!empty($_POST['requestToken'])) {
        $receivedToken = $_POST['requestToken'];
    if (hash_equals($_SESSION['requestToken'], $receivedToken)) {
         // this is valid request 
    } else {
         // this is NOT a valid request 
    }
}

Here is another good example of how to implement Semi-Automatic CSRF Protection in PHP form post.

Now probably you would like to know how php form data getting saved in mysql database

PHP Examples | Join PHP Online Course