search

Home >Backend Development >PHP Tutorial >Beginner&#s Guide to PHP Form Handling with Sessions

Beginner&#s Guide to PHP Form Handling with Sessions

Patricia Arquette
Patricia ArquetteOriginal
2024-12-04 21:11:111022browse

Beginner

If you're new to PHP and want to learn how to handle forms and work with session data, this guide is for you. We'll build a simple project where a user can submit a form, save the data in a session, view it, and delete it later. By the end of this tutorial, you'll understand the basics of PHP form handling, validation, sanitization, and sessions.

What is Form Handling in PHP?

Form handling refers to the process of capturing data submitted through an HTML form and processing it in a server-side language like PHP. This includes:

  1. Fetching the form data: Using methods like GET or POST.
  2. Validating the data: Ensuring the input meets specific criteria.
  3. Sanitizing the data: Cleaning the input to prevent security issues like XSS attacks.
  4. Storing or processing the data: Saving it in sessions, databases, or displaying it back to the user.

What Are Sessions in PHP?

Sessions are a way to store information (variables) across multiple pages for a single user. Unlike cookies, session data is stored on the server, making it more secure. To start using sessions in PHP, we use the session_start() function.

The Project: PHP Form with Session Handling

Our project involves the following features:

  • A user fills out a form with personal information.
  • The submitted data is validated and sanitized.
  • Valid data is stored in a session.
  • Users can view or delete the session data.

File Structure

Here's the structure of our project:

project-folder/
│
├── index.php           # Form page
├── submit.php          # Form handling and session storage
├── view_session.php    # Viewing session data
├── delete_session.php  # Deleting session data

Step 1: Creating the Form (index.php)

The index.php file contains a simple HTML form where users can input their details. Here's the code:

<?php session_start(); ?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>PHP Form with Session Handling</title>
</head>
<body>
    <h1>Submit Your Information</h1>
    <!-- Form Section for User Input -->
    <form method="get" action="submit.php">
        <label for="name">Name:</label><br>
        <input type="text">




<hr>

<h3>
  
  
  Step 2: Handling Form Submission (submit.php)
</h3>

<p>This file processes the submitted form data, validates it, and stores it in a session. Here's the code:<br>
</p>

<pre class="brush:php;toolbar:false"><?php
session_start();

// Initialize error messages and data variables
$error_name = "";
$error_age = "";
$error_email = "";
$error_website = "";
$name = $age = $email = $website = $gender = $comments = $hobbies = "";

// Sanitize and validate the form data
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    // Sanitize inputs
    $name = htmlspecialchars(trim($_GET['name']));
    $age = htmlspecialchars(trim($_GET['age']));
    $email = htmlspecialchars(trim($_GET['email']));
    $website = htmlspecialchars(trim($_GET['website']));
    $gender = isset($_GET['gender']) ? $_GET['gender'] : 'No gender selected.';
    $hobbies = isset($_GET['hobbies']) ? $_GET['hobbies'] : ['No hobby selected.'];
    $comments = htmlspecialchars(trim($_GET['comments']));

    // Validation checks
    if (empty($name)) {
        $error_name = "Name is required.";
    }

    if (empty($age) || !filter_var($age, FILTER_VALIDATE_INT) || $age <= 0) {
        $error_age = "Valid age is required.";
    }

    if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error_email = "Valid email is required.";
    }

    if (empty($website) || !filter_var($website, FILTER_VALIDATE_URL)) {
        $error_website = "Valid website URL is required.";
    }

    // If no errors, store data in session
    if (empty($error_name) && empty($error_age) && empty($error_email) && empty($error_website)) {
        // Store data in session
        $_SESSION['name'] = $name;
        $_SESSION['age'] = $age;
        $_SESSION['email'] = $email;
        $_SESSION['website'] = $website;
        $_SESSION['gender'] = $gender;
        $_SESSION['hobbies'] = implode(", ", $hobbies);
        $_SESSION['comments'] = $comments;
    }
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Form Submission Result</title>
</head>
<body>
    <h1>Form Submission Result</h1>

    <!-- Show Errors if any -->
    <?php
    if ($error_name) {
        echo "<p>




<hr>

<h3>
  
  
  Step 3: Viewing Session Data (view_session.php)
</h3>

<p>This file displays session data stored on the server.<br>
</p>

<pre class="brush:php;toolbar:false"><?php session_start(); ?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>View Session Data</title>
</head>
<body>
    <h1>View Stored Session Data</h1>

    <?php
    if (isset($_SESSION['name'])) {
        echo "<p><strong>Name:</strong> " . $_SESSION['name'] . "</p>";
        echo "<p><strong>Age:</strong> " . $_SESSION['age'] . "</p>";
        echo "<p><strong>Email:</strong> " . $_SESSION['email'] . "</p>";
        echo "<p><strong>Website:</strong> <a href='" . $_SESSION['website'] . "' target='_blank'>" . $_SESSION['website'] . "</a></p>";
        echo "<p><strong>Gender:</strong> " . $_SESSION['gender'] . "</p>";
        echo "<p><strong>Hobbies:</strong> " . $_SESSION['hobbies'] . "</p>";
        echo "<p><strong>Comments:</strong> " . $_SESSION['comments'] . "</p>";
    } else {
        echo "<p>No session data found!</p>";
    }
    ?>

    <br><br>
    <a href="index.php">Go Back</a>
</body>
</html>

Step 4: Deleting Session Data (delete_session.php)

This file destroys the session data.

<?php
session_start();
session_unset(); // Remove all session variables
session_destroy(); // Destroy the session
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Session Deleted</title>
</head>
<body>
    <h1>Session Data Deleted</h1>
    <p>All session data has been deleted successfully.</p>
    <br><br>
    <a href="index.php">Go Back</a>
</body>
</html>

Key Concepts Covered

  1. Form Handling:

    • Fetching data using the GET method.
    • Validating inputs with conditions and filters.
    • Sanitizing inputs with htmlspecialchars().

  2. Sessions:

    • Starting a session with session_start().
    • Storing data in

the $_SESSION array.

  • Viewing session data.
  • Deleting session data using session_unset() and session_destroy().

Conclusion

This project demonstrates the basics of PHP form handling and session management. With these concepts, you can build more complex applications that handle user input securely and efficiently. Experiment with the code, and try extending it by adding features like database integration or more advanced validation.

Happy coding! ?

The above is the detailed content of Beginner&#s Guide to PHP Form Handling with Sessions. For more information, please follow other related articles on the PHP Chinese website!

php html xss Array if for Session try Validating Sanitizing using delete function this input database
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Why Doesn\'t PHP\'s `setlocale()` Change Month Names to German?Next article:Why Doesn\'t PHP\'s `setlocale()` Change Month Names to German?

Related articles

See more