Forms Intro

How form submissions work and what a request lifecycle looks like.

On this page

What a Form Submission Is

A form submission is an HTTP request sent by the browser to your server. The request includes fields (input values) and a method (GET or POST). PHP reads this data via superglobals like $_GET and $_POST.

Basic GET Form

A GET form sends data in the URL query string. It is great for search forms because the URL becomes shareable.

<form method="GET" action="/search.php">
  <input name="q" placeholder="Search">
  <button type="submit">Search</button>
</form>

Reading GET Data in PHP

Always use a default and escape output if you display it back to the user.

<?php
$q = $_GET['q'] ?? '';

echo htmlspecialchars($q, ENT_QUOTES, 'UTF-8');

Basic POST Form

A POST form sends data in the request body. Use POST for creating/updating data (login, signup, settings).

<form method="POST" action="/login.php">
  <input name="email" type="email" required>
  <input name="password" type="password" required>
  <button type="submit">Login</button>
</form>

Reading POST Data in PHP

Never trust form values. Validate them and do not store raw passwords. (We will cover hashing and auth in later sections.)

<?php
$email = trim($_POST['email'] ?? '');
$password = $_POST['password'] ?? '';

if ($email === '' || $password === '') {
  echo 'Missing fields';
  exit;
}

echo 'OK';

Production Tip

Form handling is where most security bugs begin: XSS (output), CSRF (state changes), and validation issues. Treat every request as untrusted input.

GET vs POST →