
Handling HTML forms with PHP

» Simple contact form

<html>
<body>
<form action="myform.php" method="post">
<p>Your Name: <input type="text" name="yourname" /><br />
E-mail: <input type="text" name="email" /></p>

<p>Do you like this website?
<input type="radio" name="likeit" value="Yes" checked="checked" /> Yes
<input type="radio" name="likeit" value="No" /> No
<input type="radio" name="likeit" value="Not sure" /> Not sure</p>

<p>Your comments:<br />
<textarea name="comments" rows="10" cols="40"></textarea></p>

<p><input type="submit" value="Send it!"></p>
</form>
</body>
</html>

See the example HTML code above? This is a simple HTML form with two input fields, one radio button group and a text area for comments. Let's say we save this code in a file called "test.html". When the form is submitted, the data is sent to the "myform.php" file using the HTTP POST method.

All variables passed to the current script via the HTTP POST method are stored in the associative array $_POST. In other words, in PHP you can access the data from each field using $_POST['NAME'], where NAME is the actual field name. If you submit the form above, you will have access to a number of $_POST array values inside the myform.php file:

Variable              Holds value of
$_POST['yourname']    text field "yourname"
$_POST['email']       text field "email"
$_POST['likeit']      selected radio box group "likeit"
$_POST['comments']    textarea "comments"

With register_globals activated, all form data is automatically stored in a variable $name (where name is the field name, for example $yourname or $email), but this can lead to various security issues and should be avoided at all costs! This feature is now officially deprecated and disabled by default.

Now, if you wanted to display the submitted data you could simply echo all the variables as shown below, but do not! Why? Read further.

<html>
<body>
Your name is: <?php echo $_POST['yourname']; ?><br />
Your e-mail: <?php echo $_POST['email']; ?><br />
<br />
Do you like this website? <?php echo $_POST['likeit']; ?><br />
<br />
Comments:<br />
<?php echo $_POST['comments']; ?>
</body>
</html>

If you saved this code in a file called "myform.php", filled the fields in the test.html form and hit the Submit button, the myform.php output would look something like this:

Your name is: John Doe
Your e-mail: john@doe.com
Do you like this website? Yes
Comments:
This is my comment...

Quite simple, isn't it? But the most important thing is still missing! You need to validate submitted data to protect your script (and thus your website and server) from malicious code.

Let's say you display all data submitted with the form in an HTML file (as a guestbook does, for example). Now consider someone typing this code instead of a name:

<script>location.href('http://www.SPAM.com')</script>

If this is stored in an HTML file, anyone who tries to view it will be redirected to http://www.SPAM.com! And this is the least that can happen! Failure to properly validate input data is the main reason for most vulnerabilities and exploits in PHP scripts. You wouldn't want someone to hack your website, erase all data and upload his/her own "u \/\/3R3 H4><0r3d!" homepage, would you?
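
A hardened version of the myform.php output above, as an added example that is not part of the original tutorial: it checks the radio value against the three options on the form, checks the e-mail syntax, and escapes every value with htmlspecialchars() before printing it. The helper names h(), field() and render_submission() and the sample submission are assumptions made for this illustration.

```php
<?php
// Added example: hardened rendering of the four fields from test.html.

// Escape a value for an HTML text context so markup in it is shown, not run.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return a field as a trimmed string; missing fields and array values
// (e.g. a request sending yourname[]=x) become ''.
function field(array $post, string $name): string
{
    $value = $post[$name] ?? '';
    return is_string($value) ? trim($value) : '';
}

function render_submission(array $post): string
{
    $name     = field($post, 'yourname');
    $email    = field($post, 'email');
    $likeit   = field($post, 'likeit');
    $comments = field($post, 'comments');

    // The radio group has exactly three legal values; reject anything else.
    if (!in_array($likeit, ['Yes', 'No', 'Not sure'], true)) {
        $likeit = '(invalid choice)';
    }
    // Syntax check only; it does not prove the address exists.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $email = '(invalid e-mail)';
    }

    // Validation narrows the input; escaping at output is what stops the script.
    return "Your name is: " . h($name) . "<br />\n"
         . "Your e-mail: " . h($email) . "<br />\n"
         . "<br />\nDo you like this website? " . h($likeit) . "<br />\n"
         . "<br />\nComments:<br />\n" . nl2br(h($comments)) . "\n";
}

// Constructed sample submission, used when the script is run from the CLI;
// under a web server the real $_POST is rendered instead.
$sample = [
    'yourname' => "<script>location.href('http://www.SPAM.com')</script>",
    'email'    => 'john@doe.com',
    'likeit'   => 'Maybe',
    'comments' => "This is my comment...\n<b>bold?</b>",
];
echo render_submission(PHP_SAPI === 'cli' ? $sample : $_POST);
```

Run from the command line, the name field comes out as &lt;script&gt;... text and the out-of-range radio value is replaced, so a browser displays the submitted markup instead of executing it.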

Read this tutorial further to learn how to validate form inputs and protect yourself from exploits.

» Copyright notice

© 2008-2014 myPHPform.com. All rights reserved. Copying or redistributing any part of this website without our written permission is expressly forbidden!
