Tutorial: PHP Form Handling

June 8th, 2012 Leave a comment
Like the article?
PHP Form Handling

One of the key things to learn if you are just starting to learn PHP is how to handle forms. This process seems to stump new developers to PHP but this shouldn’t be a big obstacle. PHP has many features that allow for simple data gathering and easy form processing. In this tutorial, I will discuss how to use the action method of the form and show you how to create a simple form that you can use on your site that will allow your visitors to contact you via email. This will require the creation of two items: the HTML form and the PHP script that will handle it. The tutorial includes a snipet of PHP and HTML source code that you can use as a starter for your form.

Setting up the HTML

Here is my simple HTML contact form:

<form id="contactForm" name="contactForm" method="post" action="handler.php">
	Name: <input type="text" name="name" id="name" size="30"/><br/>
	Email: <input type="text" name="email" id="email" size="30"/><br/>
	Comments: <textarea name="comments" maxlength="1000" cols="25" rows="6"></textarea><br/>

	<input type="submit" value="Submit" name="submit" id="submit"/>

When you look at this HTML contact form you may notice that most HTML form elements have a name, id and value. The id attribute is not required but if you are doing any JavaScript or have CSS styles you may need to use them. The name property is what we will use to get the values in PHP.

There are two ways to send form data, GET and POST. For the purposes of this article, I will be sending this data via POST, as you can see in the <form> tag. If you would like to learn more about the differences between GET and POST, please see our article detailing the difference at length. Our PHP script will be named “handler.php” and it is given in the action portion of the <form> tag. You can name your PHP script whatever you like, as long as you place it here so the form knows what to do when the user hits submit.

The PHP Script

We’ll create the “handler.php” script in stages so you can understand each step. Download the code in the zip file to get the end result. Let’s start by retrieving the variables:

if (isset($_POST['submit'])) {
	// get each piece of data from the form
	$name = $_POST['name'];
	$email = $_POST['email'];
	$comments = $_POST['comments'];

In this section we are checking with an if statement that the form has been submitted. Data from the form will be stored in the $_POST array. Variables that are given the same name as the "name" tag of the HTML form. There are three variables, $name, $email and $comments that are used to store each piece of data as we get it from $_POST. Everything behind the double forward slashes is comments that are ignored by the PHP interpreter.

One of things we have to remember when accepting data in a public form is that the data may not be correct. We cannot trust that the user has supplied us with correct data and we may be leaving ourselves open to attack. It is possible that a user, through malice, incompetence or accident, has misused your form to send data that is different from what you intended. Because of this, we should take precautions with the data in the form. The following code does some error checking on our data:

// use trim() and strip_tags() to remove leading and trailing spaces
// and remove any tags that may be in the form for each field
if (isset($name)) {
	$name = trim($name);
	$name = strip_tags($name);

if (isset($email)) {
	$email = trim($email);
	$email = strip_tags($email);

if (isset($comments)) {
	$comments = trim($comments);
	$comments = strip_tags($comments);

Here is our simple error-checking process. We don’t want any extra spaces that the user may have typed and we don’t want any HTML tags in our data either. The trim() function will strip white space and the strip_tags() function will remove any HTML code. This is a simple way to check for problems. If this data was sensitive or you would be storing it in a database, more sanitization would be necessary that each value matched what you expected to ensure you were not storing bad data.

Now that we have our data ready to go, we can send our information via email. There are form basic elements needed for sending mail with PHP:

  • The destination address (recipient)
  • Email subject
  • Body of the email
  • Mail header information

The whole process will be handled by one function: mail(), which is used to setup and send the message. Here is the code:

//define the four mail function fields
$recipient = "you@yourdomain.com";
$subject = "Comments From Your Website";
$content = "
From: $name\n
Reply to: $email\n
$header = "From: Comments Form <you@yourdomain.com>\n"."Reply-To: you@yourdomain.com\n";

Each field in the email is a basic text string. The "\n" that I am using creates a new line in the message, and will make the results much easier to read. You can use escape sequences and other functionality to format your message. You can name the sending address whatever you would like.

Now that you have your email formatted and ready to send, all that is left is to call the function to send the message:

//send the message
mail($recipient, $subject, $content, $header);

And you’re done! You have processed your form and sent the data via email.


This simple script will allow anyone to send data to you through your server via email. I hope you have enjoyed learning how to create a form processing script. Remember that this is intended to be a simple tutorial for those just getting started learning PHP and it does not address any of the complicated issues of usability, security, protecting scripts from spammers, returning user-friendly error message or any higher level data processing. However, once you have mastered the small stuff you will be ready to tackle the difficult issues and become a better PHP developer.

Article Source Files

DescriptionNameSizeDownload method
PHP Form Handling Source Codephp-form-handling-source.zip2KBHTTP
Help us spread the word!
  • Twitter
  • Facebook
  • LinkedIn
  • Pinterest
  • Delicious
  • DZone
  • Reddit
  • Sphinn
  • StumbleUpon
  • Google Plus
  • RSS
  • Email
  • Print
Don't miss another post! Receive updates via email!