HTML Forms
Main | Review of Operators | Mathematical Functions | Practice 5 | Solution 5 | HTML Forms | PHP Forms | Practice 6 | Solution 6 | PHP and E-mail | Practice 7 | Solution 7

PHP can be used to control online forms. In the following discussion we will have a quick examination of HTML forms, and in the next section, we will look at some built-in PHP functions that can be used, along with conditionals, to collect data from users who visit your website.

User Input

HTML forms are a means to acquiring input from your users. You should be able to type text and click the "Submit" button in the following box:

Note that clicking "Submit" does nothing in this case, but reload the page. This is because this example is only meant to show you what the above form looks like in relation to the following HTML: 

<form method="get">
<input type=text name=something value="">
<input type=submit value="Submit">
</form>
After opening the form, the following HTML code creates a box where users can input text. The type of input the box will receive is distinguished by declaring type=text as in the following: 
<input type=text name=something value="">
as opposed to declaring type=submit, which will create a button for users to click, as in the following: 
<input type=submit value="Submit">
You should also notice that the text input box has a feature called name which can be used to set a variable, which users can declare when they type text in the box. If you experiment by clicking on the above submit button you should notice a change in the tail of the URL of this page. When you first came to this page the URL ended with the following: 
/php1/forms.php
However, if you click submit and without putting any text in the box, the the URL will end with the following: 
/php1/forms.php?something=
If you then type some random text (asdf) in the box and click on submit, the the URL will end with the following: 
/php1/forms.php?something=asdf

Notice how the above pheonmena allows a browser to accept variables as if they were arguments of functions. Whenever we submit forms we will take advantage of the varialbes that were passed over HTTP.

GET and POST

There are two methods that a form can use to pass the variables from one page to another (or to itself). They care called GET and POST. The reason that we see the variables in the tail of the URL in the above examples is because we used the GET method. Recall that the first line of our form said: 

<form method="get">

If we used the POST method the variables would still be passed, but we would not see them in the URL. In the above example GET was used to help you visualize how the varialbes were passed. The rest of this tutorial will use the POST method. The distinctions between GET and POST are not essetial to PHP itself, but a good PHP programmer should know the differences between them, and should also know when to choose one over the other.

When a user enters information in a form and clicks Submit, there are two ways the information can be sent from the browser to the server: in the URL, or within the body of the HTTP request.

The GET method appends name/value pairs to the URL. Unfortunately, the length of a URL is limited, so this method only works if there are only a few parameters. The URL could be truncated if the form uses a large number of parameters, or if the parameters contain large amounts of data. Also, parameters passed on the URL are visible in the address field of the browser -- not the best place for a password to be displayed.

The alternative to the GET method is the POST method. This method packages the name/value pairs inside the body of the HTTP request, which makes for a cleaner URL and imposes no size limitations on the form's output. It tends to be more secure.

If you were writing a CGI script directly i.e. not using PHP, but Perl, Shell, C, or antoher language you would have to pay attention to where you get the user's value/variable combinations. In the case of GET you would use the QUERY_STRING environment variable and in the case of POST you would use the CONTENT_LENGTH environment variable to control your iteration as you parsed for special characters to extract a variable and its value.

In summary:

POST

  1. Query length can be unlimited (unlike in GET)
  2. Is used to send a chunk of data to the server to be processed
  3. You can send entire files using post
  4. Your form data is attached to the end of the POST request (as opposed to the URL)
  5. Not as quick and easy as using GET, but more versatile (provided that you are writing the CGI directly)

GET

  1. Your entire form submission can be encapsulated in one URL, like a hyperlink so can store a query by a just a URL
  2. You can access the CGI program with a query without using a form
  3. Fully includes it in the URL: http://myhost.com/mypath/myscript.cgi?name1=value1&name2=value2
  4. Is how your browser downloads most files
  5. Is used to get a file or other resource
  6. Should not be used for any actions that cause a change in the server, e.g. updating a database.

Value

The final relevant feature of the input field of a form is value, which can be used to declare a default value that will appear in the input field, when the page is first loaded. For example, the following code: 

<input type=text name=something value="some default!">
will produce this:

In the above text-box, you are free to type what you wish. The value field is just a default value that you can change.

jfulton [at] member.fsf.org
22 Aug 2013