Form Handling in PHP
Section 4: Form Handling in PHP
In this section, we'll dive into the essential aspects of handling form data using PHP. We'll cover processing form data, validating and sanitizing user input, and working with superglobal arrays to manage form submissions.
Processing Form Data
When a user submits a form, PHP can be used to process the data submitted. Here's an example of a simple HTML form and how PHP can handle the submitted data:
HTML Form:
<!DOCTYPE html>
<html>
<head>
    <title>Sample Form</title>
</head>
<body>
    <form method="post" action="process-form.php">
        <label for="username">Username:</label>
        <input type="text" id="username" name="username">
        <label for="password">Password:</label>
        <input type="password" id="password" name="password">
        <input type="submit" value="Submit">
    </form>
</body>
</html>
PHP (process-form.php):
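<?php
// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Retrieve form data (fall back to an empty string if a field is missing)
    $username = $_POST["username"] ?? "";
    $password = $_POST["password"] ?? "";

    // Process the data (e.g., perform validation, database operations)

    // Display the submitted data, escaped so the browser renders it as text rather than HTML.
    // The password is echoed here only to show the flow; real code should not display it.
    echo "Username: " . htmlspecialchars($username, ENT_QUOTES, "UTF-8") . "<br>";
    echo "Password: " . htmlspecialchars($password, ENT_QUOTES, "UTF-8");
}
?>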
Validating and Sanitizing User Input
It's crucial to validate and sanitize user input to ensure the security and integrity of your application. Here's an example of how to perform basic validation:
<?php
// Validate username ("=== ''" is used because empty() also rejects the valid value "0")
$username = trim($_POST["username"] ?? "");
if ($username === "") {
    echo "Username is required";
} else {
    // Sanitize the input for HTML output.
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so escape with htmlspecialchars() instead.
    $sanitizedUsername = htmlspecialchars($username, ENT_QUOTES, "UTF-8");
    echo "Sanitized Username: $sanitizedUsername";
}

// Validate the password (it is not sanitized: it is hashed as submitted)
$password = $_POST["password"] ?? "";
if (strlen($password) < 6) {
    echo "Password must be at least 6 characters long";
} else {
    // Hash the password for secure storage
    $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
    echo "Hashed Password: $hashedPassword";
}
?>
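The validation, output escaping and hashing steps above, combined into one reusable check. This is an added example, not code from the original tutorial: the helper names validateRegistration() and e(), the username pattern, and the sample submissions are assumptions made for illustration.

```php
<?php
// Hypothetical helper: validates a submission array shaped like $_POST.
function validateRegistration(array $input): array
{
    $errors = [];
    // A missing field, or a non-string one (username[]=x arrives as an array), counts as empty.
    $username = is_string($input['username'] ?? null) ? trim($input['username']) : '';
    $password = is_string($input['password'] ?? null) ? $input['password'] : '';

    // Allow-list the username (assumed policy) instead of stripping unwanted characters.
    if ($username === '') {
        $errors['username'] = 'Username is required';
    } elseif (!preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $username)) {
        $errors['username'] = 'Use 3-32 letters, digits or underscores';
    }
    // Same minimum length as the tutorial; the password is never modified or echoed.
    if (strlen($password) < 6) {
        $errors['password'] = 'Password must be at least 6 characters long';
    }

    return [
        'errors'   => $errors,
        'username' => $errors ? null : $username,
        'hash'     => $errors ? null : password_hash($password, PASSWORD_DEFAULT),
    ];
}

// Escape at the point of output, for the HTML context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['username' => 'alice_01', 'password' => 'correct horse'],
    ['username' => '<b>mallory</b>', 'password' => 'short'],
    ['username' => ['nested'], 'password' => 'longenough'],
];

foreach ($samples as $sample) {
    $result = validateRegistration($sample);
    foreach ($result['errors'] as $field => $message) {
        echo e($field) . ': ' . e($message) . PHP_EOL;
    }
    if (!$result['errors']) {
        echo 'OK: ' . e($result['username']) . ' verify=' . var_export(password_verify($sample['password'], $result['hash']), true) . PHP_EOL;
    }
}
```

Run it from the command line with `php`; in a real handler, pass `$_POST` to the function and store only the returned hash.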
Working with Superglobal Arrays
Superglobal arrays in PHP, such as $_GET, $_POST, and $_REQUEST, provide access to form data. Here's a brief overview:
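<?php
// Using $_POST to access form data submitted with the POST method
// (?? supplies a default so a missing field does not raise a warning)
$username = $_POST["username"] ?? "";
$password = $_POST["password"] ?? "";

// Using $_GET to access form data submitted with the GET method
$searchQuery = $_GET["query"] ?? "";

// Using $_REQUEST to access both GET and POST data
// (depending on the request_order setting it can also include cookie values,
// so prefer $_GET or $_POST when you know where the data should come from)
$dataFromRequest = $_REQUEST["data"] ?? "";

// Handle the data as needed
?>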
By understanding these concepts, you'll be well-equipped to handle form submissions, validate user input, and ensure the security of your PHP applications. Practice these techniques to enhance your form handling skills.