## Chapter 14: A Simple POST Form - Getting Information from Users **POST forms are like sealed envelopes - the information travels privately from the browser to your server!** **Form validation is like being a good bouncer - you check IDs before letting anyone in!** ### How Forms Work - The Mail Analogy **When someone fills out a form, it's like sending you a private letter:** ``` User fills form → Browser seals envelope → Postman delivers → You open and read ``` **Unlike GET (address on envelope), POST puts the information inside the envelope!** Create `public/contact.php`: ```php <?php $errors = []; $name = ""; $message = ""; if ($_SERVER["REQUEST_METHOD"] === "POST") { $name = trim($_POST["name"] ?? ""); $message = trim($_POST["message"] ?? ""); if ($name === "") { $errors[] = "Name is required."; } if ($message === "") { $errors[] = "Message is required."; } if (!$errors) { echo "<p>Thanks, " . htmlspecialchars($name, ENT_QUOTES, "UTF-8") . ".</p>"; echo "<p>Your message was received.</p>"; exit; } } ?> <!doctype html> <html> <head><meta charset="utf-8"><title>Contact</title></head> <body> <h1>Contact</h1> <?php if ($errors): ?> <ul> <?php foreach ($errors as $e): ?> <li><?= htmlspecialchars($e, ENT_QUOTES, "UTF-8") ?></li> <?php endforeach; ?> </ul> <?php endif; ?> <form method="post"> <label>Name</label><br> <input name="name" value="<?= htmlspecialchars($name, ENT_QUOTES, "UTF-8") ?>"><br><br> <label>Message</label><br> <textarea name="message"><?= htmlspecialchars($message, ENT_QUOTES, "UTF-8") ?></textarea><br><br> <button type="submit">Send</button> </form> </body> </html> ``` **What this form teaches you (the smart way):** ** Default values** - So the page doesn't crash when someone visits directly ** Basic validation** - Checking if people actually filled things out ** Escaping output** - Stopping bad guys from breaking your HTML ** PHP inside HTML** - Mixing code without making it messy ### Breaking Down the Contact Form **Step 1: Check if someone pressed the submit button** ```php if ($_SERVER["REQUEST_METHOD"] === "POST") { // Someone clicked "Send" - time to process the form! } ``` **Step 2: Clean up the input (like washing vegetables before cooking)** ```php $name = trim($_POST["name"] ?? ""); // Remove extra spaces $message = trim($_POST["message"] ?? ""); // Remove extra spaces ``` **Step 3: Check if required fields are filled** ```php if ($name === "") { $errors[] = "Name is required."; // Add error to our list } ``` **Step 4: Show errors or say thank you** ```php if (!$errors) { // No errors? Show success message! echo "<p>Thanks, $name. Your message was received.</p>"; exit; // Stop here - don't show the form again } ``` ### Common Form Mistakes | Mistake | What Happens | How to Fix | |---------|---------------|------------| | Forgetting `trim()` | Extra spaces cause validation to fail | Always use `trim()` on user input | | Not checking `REQUEST_METHOD` | Form processes on every page load | Only process when `POST` | | Missing `htmlspecialchars` | Users can inject JavaScript | Always escape output | | No default values | Page breaks with empty fields | Use `??` operator | | Not preserving form values | Users have to retype everything | Fill inputs with submitted values | ---