Retrieving Form Data with PHP

PHP provides several ways to access data submitted through HTML forms. This tutorial will guide you through the most common methods, focusing on retrieving input field values and storing them in sessions.

Understanding Form Submission Methods

HTML forms can submit data using two primary methods: GET and POST.

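  • GET: Data is appended to the URL as query parameters (e.g., ?subject=Car+Loan). This method is suitable for small amounts of data and when the data can be visible in the URL.
  • POST: Data is sent in the HTTP request body. This keeps the values out of the URL, and therefore out of browser history, bookmarks and web server access logs, which makes it the better choice for sensitive data. POST does not encrypt anything, so sensitive forms still need HTTPS. It also allows for larger amounts of data to be submitted.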

Accessing Form Data with PHP Superglobals

PHP provides superglobal arrays that are always accessible, regardless of scope. The two most relevant for form data are $_GET and $_POST.

  • $_GET: Contains data submitted via the GET method.
  • $_POST: Contains data submitted via the POST method.

To retrieve the value of an input field, you access it using the field’s name attribute as the key within the respective superglobal array.

Example:

Consider the following HTML form:

<form action="" method="post">
  <input type="text" name="subject" id="subject" value="Car Loan">
  <input type="submit" value="Submit">
</form>

To retrieve the value entered in the subject input field using PHP, you would use the following code:

<?php
  if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Fall back to an empty string if the field is missing from the request
    $subject = $_POST['subject'] ?? '';
    // Escape the value for HTML before echoing it
    echo "You entered: " . htmlspecialchars($subject, ENT_QUOTES, 'UTF-8');
  }
?>

Explanation:

  1. if ($_SERVER["REQUEST_METHOD"] == "POST"): This condition ensures the code only executes when the form has been submitted using the POST method. Checking the request method is good practice.
  2. $subject = $_POST['subject'] ?? '';: This line retrieves the value associated with the subject key in the $_POST array and assigns it to the $subject variable. If the request does not contain that key, the ?? operator supplies an empty string instead of raising an "undefined array key" warning.
  3. htmlspecialchars($subject, ENT_QUOTES, 'UTF-8'): This function is crucial for security. It escapes the output by converting special characters (<, >, &, " and ') into their HTML entities, so the browser displays the value as text instead of interpreting it as markup. This prevents cross-site scripting (XSS) when the value is placed in HTML. Always escape user input before displaying it.

Storing Data in Sessions

Sessions allow you to store data across multiple pages of a website. To store the retrieved form data in a session:

<?php
session_start(); // Start the session

if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $subject = $_POST['subject'] ?? ''; // Empty string if the field is missing
  $_SESSION['subject'] = $subject; // Assign to session variable
  echo "Subject saved to session.";
}
?>

Explanation:

  1. session_start();: This function starts a new session or resumes an existing one. It must be called before any session variables are used.
  2. $_SESSION['subject'] = $subject;: This line assigns the value of the $subject variable to a session variable named subject. The data will now be available on subsequent pages as long as the session is active.
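
The retrieve, store and display steps combined, as an added example that is not part of the original tutorial. It validates the field before it goes into the session and escapes it again when it is read back, because a value stored in the session is still user input. The helper names read_subject and render_subject and the 100-byte limit are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: return the validated subject, or null if the field is
// missing, not a string (subject[]=x arrives as an array), empty or too long.
function read_subject(array $post): ?string
{
    $raw = $post['subject'] ?? null;
    if (!is_string($raw)) {
        return null;
    }
    $subject = trim($raw);
    // 100 bytes is an assumed limit for this example
    if ($subject === '' || strlen($subject) > 100) {
        return null;
    }
    return $subject;
}

// Hypothetical helper: escape the stored value for an HTML text context.
// Validation on the way in does not replace escaping on the way out.
function render_subject(array $session): string
{
    $subject = (string) ($session['subject'] ?? '');
    return 'Subject: ' . htmlspecialchars($subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Form handler: start the session with a hardened session cookie.
session_start([
    'cookie_httponly' => true,   // session cookie is not readable from page scripts
    'cookie_samesite' => 'Lax',  // not sent on cross-site POST requests
    'use_strict_mode' => true,   // reject session IDs the server did not issue
]);

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $subject = read_subject($_POST);
    if ($subject === null) {
        http_response_code(400);
        exit('Invalid subject.');
    }
    $_SESSION['subject'] = $subject;
}

// On any later page in the same session: display the stored value, escaped.
echo render_subject($_SESSION);
```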

Using $_REQUEST (Caution)

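PHP provides a $_REQUEST superglobal that combines the contents of $_GET, $_POST, and $_COOKIE. While it might seem convenient, using $_REQUEST is ambiguous and potentially insecure: when the same key appears in more than one source, which value wins depends on the request_order (or variables_order) setting in php.ini, so a value you expected from the POST body may actually have come from the URL or a cookie. It's generally best practice to explicitly use $_GET or $_POST to clearly indicate the source of the data.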

Choosing the Right Method

  • For simple forms with small amounts of non-sensitive data, GET might be sufficient.
  • For all other cases, especially those involving sensitive data or larger amounts of data, POST is the preferred method.

By understanding these concepts and techniques, you can effectively retrieve form data with PHP and store it in sessions for use throughout your web application. Remember to always sanitize user input to protect against security vulnerabilities.
