How to handle HTML form submission in PHP using the POST method

Overview

There are two main ways to collect data from the user via a form. We can use the GET method or the POST method. In this shot, we will learn to handle form-submitted data using the POST method.

This is what a form looks like in HTML:

<html>
    <body>
        <form action="handle_form.php" method="POST">
            <input type="text" name="name" placeholder="Username here..."> <br/>
            <input type="email" name="email" placeholder="Email here..."> <br/>
            <input type="submit">
        </form>
    </body>
</html>

In the code above, the form tag has two properties, action and method. Let's learn more about them.

  • action: It specifies the file or the page to which the form is submitted. In our example, the form data will be submitted to handle_form.php using the POST method.

  • method: It describes the transport means used to send data. This is mostly GET or POST.

Note:

  • In case we want the form data to be handled in the same file, we can leave the action attribute empty: <form action="" >.

  • If no method is specified, GET is used by default.

The POST method

The POST method transmits data via a form. We need to explicitly specify it on the form tag's method property to use it. Unlike GET where submitted data are available and visible in the URL, POST hides data away from the user and sends them to the specified file to be handled. Apart from this, everything remains the same as it is in GET. All submitted data are available in the PHP built-in variable called $_POST, as an associative array.

Syntax

A form with the <input type='text' name='username' /> field stores submitted data using:

$_POST['username']

This is what handle_form.php looks like when data from the HTML form above are sent using POST:

<?php
// handle_form.php
echo '<h1>Welcome at Educative</h1>';
echo '<p>Username: ' . $_POST['username'] . '</p>';
echo '<p>Email: ' . $_POST['email'] . '</p>';

  • The $_POST function holds the name entered by the user in the input with the name username.

  • The $_POST function also holds the email address entered in the input field with the name email.

Example

<?php
// handle_form.php
$username = $_POST['name'];
$email = $_POST['email'];

// Basic control
if (!isset($username) || !isset($email))
{
	echo 'Name or email field is empty.';
	
	// Stop PHP execution
    return;
}

echo '<h1>Welcome at Educative</h1>';
echo '<p>Username: ' . $username . '</p>';
echo '<p>Email: ' . $email . '</p>';
The Handle user input

Explanation

index.php

  • Line 4: We create a form that uses the POST method and submits its data to the handle_form.php file.

  • Lines 5 and 6: We have two inputs of the text and email type.

handle_form.php

  • Lines 3 and 4: We create two variables, $username and email, to hold user inputs.

  • Line 7: We use an if statement to make sure the user has sent something. Otherwise, we stop the script.

  • Lines 15–17: If everything is fine, we display the result to the user.

Conclusion

The POST method is the preferred method to handle form-submitted data. Although it "hides" data from the user, it is not more secure than GET. Therefore, validations are still required to ensure we have safe data in our system. There's no character limit for POST like we have with GET. We can also use the POST method if we want to upload a file to the server.

Free Resources

License: Creative Commons-Attribution-ShareAlike 4.0 (CC-BY-SA 4.0)