|

Process HTML Forms With PHP

This Is The Processing Form Data With PHP Tutorial Youll Love

Working with Forms when building websites seems so easy. There are in fact many details to be aware of. In the HTML Tutorial Series, we had a good look at an HTML Form Tutorial, but we didn’t get a chance to investigate how we would actually process the data we collect from the form. Now we are in the midst of a great PHP Tutorial Series and what better time to have a look at Form Processing with PHP than right now. We learned that links and URLs pass data via the GET super global. In this episode, we’ll take a look at the POST super global, and how it ties in to processing forms in PHP. Let’s jump right in!


3 Ways To Get User Data

  • Links and URLs By making use of a query string, key / value pairs of data can be passed via the GET super global
  • Forms With HTML Forms, POST is the usual method of data transfer and does not require encoding / decoding the way Links and URLs do
  • Cookies By setting cookie values via PHP, you can then read and write data to an associative array as needed

In this adventure we’ll be specifically targeting the 2nd approach with POST requests and HTML Forms in PHP. It is by the $_POST super global variable that we can access data submitted by the form. The various fields in the HTML Form will have a name attribute which will then become the key of the associative array in $_POST. You can make use of form processing via a 2 page process, or a single page form process. There are pros and cons to each, and for now we’ll take a look at the 2 page approach. What this means is that your first page will contain the HTML markup for the form. That form will have an action attribute, and the value of that attribute is the second PHP page that will process the data. The easiest way to see how this works is to create it in code.

htmlformbuiltwithlove.php

process_form.php

So there we have our two page setup for form processing at its most very basic. If we load up htmlformbuiltwithlove.php in our browser, we can enter some information into the form. In the first field we will enter https://ello.co and in the second we’ll enter Social. Then we’ll hit the Submit Button and see what happens.

Very Cool! You can see how the name attribute became the key in our array, and the data we typed became the value of that particular key. This data was passed from page one to page to via the POST method. Let’s look at grabbing the data out of that array and actually using it. In your actual programs, the sky is the limit in terms of how you can process this information. Let’s just grab the two values, put them in variables, then use them on the page somehow. We’ll update the process_form.php file like so and see what we can do.

process_form.php

Hi bud, thanks for submitting https://ello.co to the Social category.

Detecting Form Submission

Now that we have an understanding of how to create a basic HTML form on one page, and a PHP processing script on another, let’s now look at how to detect if there was a form submission. This is a common and necessary step with processing forms in PHP. There are many reasons for this, but one of the main ones is if a user tries to load the form processing page directly, as this will cause errors in your application. So what’s the best way to do this? Let’s have a look.

Set Default Values

One thing we can do is set up some logic to assign default values if needed. This way if the user submits the actual form processing page instead of the HTML form itself, we can set values to something sensible as needed. Using the ternary operator is an easy way to do this.

process_form.php

Loading the this page directly will provide “Hi bud, thanks for submitting http://twitter.com to the Social category.”, however loading if you submit a blank form from htmlformbuiltwithlove.php, the processing page will still run but it will have empty values.

A Better Form Detection Method

The prior example is a start, but there is an easier and better way. Let’s revise the form processing script to have the following format.

process_form.php

This is great and now provides something more along the lines of what you’d be looking for. If a user submits valid data to the form, and then hits the submit button, it may look like this.

Nice Form Submission!
Hi bud, thanks for submitting Google+ to the Social category.

If the user tries to load process_form.php directly however, they are provided this message.

Stop trying to hack the form fool!

What we are doing is checking for the presence of the submit key in the $_POST array. The only time that key is present is if a user actually clicked on the submit button in the form, so this is the way to most easily detect form submission.


Single Page Form Submission

Another way to approach dealing with forms and form submission in PHP is to simply complete the form processing on the same page as the HTML form. Let’s see how to do this.

htmlformbuiltwithlove.php

Now when this page is loaded initially, or if a blank form is submitted, the user gets the message, Enter a Website and Category . If the user provides something like http://facebook.com and Social then clicks submit, they will get a message like Hi bud, thanks for submitting http://facebook.com to the Social category. Note that we added just a minimal amount of validation in the if clause as well as running any user input through htmlspecialchars that we learned about in the htmlentities vs htmlspecialchars tutorial.


Basic Form Validation

In this day and age, using a PHP framework like Laravel, Symfony, Zend, Codeigniter, Yii, or any of the many other fantastic solutions is the way to go with doing things like Form Validation. It is still important to know the underpinnings of how these frameworks do their magic, and in order to have that we need to understand PHP itself at the most basic levels. So what are some of the things one would typically validate for? Let’s examine.

Validation Characteristics

  • Presence Did the user actually enter anything into a given field?
  • String Length Is the string provided long enough to warrant a valid value?
  • Type Check Checking the type of data is quite common.
  • Inclusion If there is a drop down list of 10 values, is the value provided one of those 10 possible values?
  • Uniqueness Is the data a user is submitting 100% unique? This is common on email address submissions.
  • Format Does the website address contain http:// or does an email contain an @ symbol, etc..

This is the proverbial tip of the iceberg here, as data validation can have hundreds of characteristics, but remember young Jedi, we’re talking about the basics in this episode. So let’s see what these types of validation rules might look like in basic PHP.

Validation Functions

When not using a full blown framework, the next best thing is to put your validation logic into reusable functions. Here are some examples we can use to test out on our single page form validation example.

validation_functions.php

Now we can include this file right into our form page just like this.

Fantastic! We now have a fully functioning HTML form which is processed via PHP on the same page, uses validation functions to handle validation, and outputs any errors in a nice list format if something goes wrong.