You all know what I’m talking about. If you don’t, we’re going to discover how to get the data sent by the “comment form”, where you can leave a comment on this article!

Let’s start from the HTML code. We’re going to make a form to get a name, an email, a password and a comment (it’s just an example to explain the various types of data ^^).

<form action="myphpfile.php" method="POST">
	<table>
		<tr>
			<td>Your name:</td><td><input type="text" name="name" size="15" /></td>
		</tr>
		<tr>
			<td>Your password:</td><td><input type="password" name="pwd" /></td>
		</tr>
		<tr>
			<td>Your email:</td><td><input type="text" name="email" /></td>
		</tr>
		<tr>
			<td>Your comment:</td>
		</tr>
	</table>
	<textarea name="comment" cols="40" rows="5"></textarea><br />
	<input type="submit" value="Send comment" />
</form>

Ok, here we go! As you’ve seen, I used the “POST” method. The action is the page “myphpfile.php”. Note that you can use the same PHP page to show the form and to analyze the data. In this case the action will be simply “?”. You can use the POST method too, but you’ll use a different global variable (we’ll see it in a moment). Since this isn’t an HTML tutorial, I hope it’s understandable what I’ve written since here ^^.

You can send the same data to the same PHP file linking it in this way (you’ll use the GET method):

<a href="myphpfile.php?name=Giacomo&pwd=blablabla&email=me@mynet.com&comment=cool">My link</a>

As you can see, the GET method is not designed to send complex data. Also remember that HTML forms (both GET and POST methods) use plain text to send the data, thus I suggest you to implement a java encoder BEFORE the password and/or other sensible data are sent. We may speak about this in another tutorial.

Let’s see the myphpfile.php lines of code:

<?php
	// method: GET --> $_GET['variable_name']
	// the variable name is the "name" tag of the form's input
	$name = $_POST['name'];
	$password = $_POST['pwd'];
	$email = $_POST['email'];
	$comment = $_POST['comment'];

	// let's secure our variables
	$name = htmlspecialchars($name);
	$password = htmlspecialchars($password);
	$email = htmlspecialchars($email);
	$comment = htmlspecialchars($comment);

	if(myLoginFunction($name,$password,$email) == true) echo $comment;
	else echo "Wrong login! You must log in to comment this tutorial!";
?>

Here it is the trick: the form you made is able to send data between it and a PHP code. PHP can handle this type of data with the global arrays (that are variables!) $_GET (in this case) and $_POST.

A note about web security: htmlspecialchars()
htmlspecialchars($input) will prevent a user to post malicious code, like JavaScript, PHP or HTML code. This won’t alter the accented words (àèìòù, äëïöü and so on). This function will change the tags for example from > into ?> which is harmless for the HTML code.
If you want to substitute also accented characters, you’ll need to use the function htmlentities($input), we can say an “extension” of htmlspecialchars() function.

Do you have any question? ^^