In this tutorial we’ll be retrieving data from form fields. To do this we’ll first create an example form. We’re using the POST method to send the form data in the first example. Will later explain what this means, and how we can then retrieve the data from the form fields. Also the GET method will be explained in this tutorial later on. For the form we set the action to the file itself ( we call it ‘form_handle.php’, call it anything you like ).
The Form
File: form_handle.php
<form method="POST" action="fom_handle.php"> <input type="text" name="test_field"> <input type="submit" name="submit" value="Send!"> </form>
Handling the form data
Ok in this form we made 2 fields. One text input field, we named ‘test_field’ and one submit button we called ’submit’ and already gave the value ‘Send!’ to it. Now once the submit button gets pressed, the data of the input fields will be send using the method POST to the file form_handle.php ( as set in the form tag ). This means all values of the input fields will be stored into $_POST['input_field_name'] variables. So in our case we got 2 input fields, and so 2 $_POST variables will be created. One for the field ‘test_field’, which will be stored in $_POST['test_field'], and one for the submit button field we called ’submit’, which will bestored in $_POST['submit']. So in this way the data will be send to the page once the form gets submitted using the form. The submit button we gave a default value already ‘Send!’ so for this input field always this variable will be created:
$_POST['submit'] = "Send!";
Once the form has been submitted. So we can actually CHECK if the form was submitted, by validating this:
<?php
if($_POST['submit'] == "Send!") { //form has been submitted correctly?
//handle form data
}
//show form
}
?>
Because when the form gets submitted, as mentioned above, for each field will be created a variable $_POST['field_name'] and given a value ( either filled in by user or the default value ) which is default set to ‘Send!’ for the submit button. So the variable $_POST['submit'] must have been created if the form was submitted and must be given the value ‘Send!’ to as we gave it that value inside the form submit button input field. But we also made another input field we called ‘test’. This field we didn’t gave a value and can be filled in by the user as it’s a “text” input field. Which looks like this:
And we want to show what the user filled in there. And as we know the data of the input fields are stored in $_POST['input_field_name'], we can get the data filled in for the field named ‘test’ from the variable $_POST['test']. So let’s do this. But of course only when the form was submitted this is possible, so we use the loop we created to check whether the form was submitted or not:
File: form_handle.php
<?php
if($_POST['submit'] == "Send!") { //form has been submitted correctly?
//handle form data
echo "Input field: 'test' - You filled in: ".$_POST['test'];
}else{ //not submitted? show form
?>
<form method="POST" action="fom_handle.php">
<input type="text" name="test_field">
<input type="submit" name="submit" value="Send!">
</form>
<?php
}
?>
When the form has not been submitted yet, this will output:
Once the form has been submitted this will output:
Input field: ‘test’ – You filled in: [here what the user filled in for this field]
Allright, so those are the basics of retrieving user input data. The same principe works for all other input fields such as checkboxes ( which get their value when they’re checked ), radio boxes, etc..
However there’s also a second method: the GET method. It works the same for retrieving the data, they’re put inside $_GET['input_field_name'] when submitting the form. However, they can be changed inside the url. As they’re now submited through url. Like:
form_handle.php?submit=Send!&test=what_the_user_filled_in_for_this_field
So it could be manipulated very easily by changing that inside the url, and beside that, the user can see all values of as well hidden input fields ( which are given a default value for example ) through url. For example you’d have an input field:
<input type='hidden' name='key' value='myverylongsecretkey2985230'>
Then once the form gets submitted using GET method you’ll see this key just in the url!
form_handle.php?key=myverylongsecretkey2985230
So you don’t want that. So usually POST methods are used for securely submitting form, user input data.
End of tutorial
We’ve come to the end of this small tutorial. Hope you learnt something in this tutorial and also have a look at the tutorial about User Input Validation. Which can nicely be combined with this tutorial on how to actually first RETRIEVE the user input data before validating it or anything. Enjoy!
Sat, Feb 27, 2010
PHP & MySql