GET and POST forms

When PHP was originally created, its main purpose was handling form data. It has later been extended to cover pretty much anything else as well, but you will soon realize that handling form data is a pretty big part of making dynamic websites. Every time you interact with the user, it's usually through a form, which is an HTML tag containing other HTML tags which represents various form elements, e.g. a textbox, a radiobutton, a list or one of the other elements.

This is not really an HTML tutorial, and we won't go much into the different elements, but we will have a look at the form tag, since it's important to understand how to properly use it along with PHP. Here is a simple form, where we use a bit of PHP as well.
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    Your name:
    <input type="text" name="txtName" />
    <input type="submit" name="btnSendForm" value="Send" />
</form>
It's a pretty standard form. The only PHP'ish thing we do, is to use the $_SERVER array to get the current filename of the script and put it into the action attribute of the form tag. This will ensure that once the form is submitted, the data is sent to the exact same page. It's also possible to submit form data to another page, but in these examples, we will post it to the same page, mainly because it's nice and easy. We specify that the method to be used when submitting the form should be POST. The other alternative is the GET method, and while there are a bunch of technical differences, you should focus on the fact that the data submitted will end up in different places depending on the method used. Also, GET data is displayed in the browser address field as parameters, while POST data is not really visible to the user.

The above example is kinda boring. It doesn't really do anything, as you will see if you test it out. There's no magic, but fortunately, PHP is great with forms. Let's expand on the example and do something with the data that is submitted through the form.
<?php
if(isset($_POST["txtName"]))
{
    echo "The form was submitted - your name is: " . $_POST["txtName"];
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    Your name:
    <input type="text" name="txtName" />
    <input type="submit" name="btnSendForm" value="Send" />
</form>
The only real magic here is the $_POST array. Each time a form is submitted, this array is filled with all possible values from the form being submitted. In this case, once the form is submitted, the array will contain two items, with the keys "txtName" and "btnSendForm" and their respective values. This is pretty cool, because it gives us easy access to the values submitted by the user. That's why we can tell the user what his or her name is, by outputting the value from the $_POST array where "txtName" is the key.

Now, with POST forms, the data has to come from a POST request to the page. As mentioned earlier, GET forms append their data to the page URL, that is, the address you see in your browser. This of course means that you don't necessarily have to submit the data to the $_GET array using a form. You can just as easily write the values in the address field your self. For instance, consider this example page, where we don't even have a form:
<?php
if(isset($_GET["name"]))
{
    echo "Your name: " . $_GET["name"];
}
?>
If you call up the page in your browser, you will see nothing. However, try calling the file with a name parameter, like this:

file.php?name=John Doe

This example shows you that GET data can come directly from the user. You can try changing the first example in this chapter - simply replace post with get, and it will work just as well.

Both of these examples were very simply, but fortunately, that's mainly because handling form data is pretty easy with PHP. However, there are several security related things you should know. We will talk much more about it in the next chapter.
<PreviousNext>
^ Back to Top