Processing a Form with PHP

Now let's look at how each type of item in a form is handled by PHP after the submit button is clicked.

Accessing Form Values

Form values are made available in PHP by using some special array structures. The arrays $_GET and $_POST contain values submitted using the GET and POST methods, respectively. A hybrid array, $_REQUEST, contains the contents of both of these arrays, as well as the values from $_COOKIE, which you will use in Lesson 14, "Cookies and Sessions."

Super-globals The system-generated arrays that have names beginning with an underscore character are known as super-globals because they can be referenced from anywhere in a PHP script, regardless of scope. For instance, you do not need to explicitly declare $_POST as global to access its elements within a function.

Accessing the values from form items is fairly intuitive: The form item names become the element keys in $_GET or $_POST, and each value in the array is the value of the corresponding element when it was submitted.

For example, the email address submitted by comments.html will be $_POST["email"], and the comments text will be $_POST["comments"].

For CHECKBOX and RADIO input types, the VALUE attribute determines the value seen by PHP. If the check box named may_contact is checked, then the array element $_POST["may_contact"] has the value Y. If it is not checked, this element simply does not exist in the array; you should use isset to check whether a check box is checked.

Default Check Box Values If you do not specify a VALUE attribute for a check box item, its value in PHP when checked is on.

The radio group gender causes $_POST["gender"] to contain the value m or f, depending on which value is selected and, as with a check box, if no value is selected, the array element does not exist.

The simplest way to see all the submitted data from a form is to use a call to print_r to dump out the contents of $_POST, as follows:

 echo "<PRE>"; print_r($_POST); echo "</PRE>"; 

This is a useful debugging technique if you want to see exactly what data is being passed to a script from a form. If you create send_comments.php, containing just these lines, the output shows you the value of each form element in turn. The following is sample output:

 Array (     [name] => Chris Newman     [email] => chris@lightwood.net     [gender] => m     [referrer] => search     [may_contact] => Y     [comments] => This is my favorite website ever ) 

Even the value of a submit button can be seen by PHP if the button is given a name and the button is clicked when the form is submitted. The following form has two buttons with different names, so that you can use PHP to determine which button was actually clicked:

 <FORM ACTION="button.php" METHOD=POST> <INPUT TYPE="SUBMIT" NAME="button1" VALUE="Button 1"> <INPUT TYPE="SUBMIT" NAME="button2" VALUE="Button 2"> </FORM> 

In button.php, you could use a condition similar to the following to see which button is clicked:

 if (isset($_POST["button1"])) {   echo "You clicked button 1"; } elseif (isset($_POST["button2"])) {   echo "You clicked button 2"; } else {   echo "I don't know which button you clicked!"; } 

The VALUE attribute of a submit button determines what label appears on the button itself, but that value is also the value that is passed to PHP when the button is clicked.

Submit Buttons Many modern web browsers submit a form when you press the Enter key when focused on any of the input fields. Even if there is only one submit button on a form, its value is not sent to PHP unless it is actually clicked with the mouse.

Hidden Inputs

One other type of form input is available, and it can be used to pass values between scripts without their being visible on the web page itself.

The HIDDEN type takes NAME and VALUE attributes, as usual, but it simply acts a placeholder for that value.

The following hidden input is passed to the PHP script when the form is submitted, and $_POST["secret"] contains the value from the form:

 <INPUT TYPE="HIDDEN" NAME="secret" VALUE="this is a secret"> 

Be aware, however, that HIDDEN attribute inputs are not secure for transmitting passwords and other sensitive data. Although they do not appear on the web page, if you view the page source, you can still see hidden values in the HTML code.