The correct way to check PHP form submission

Web spider at night

The original web developer also works long nights!

Ever have a web-based form not submit the data or seemingly break for no reason? This can be a common error in several browsers, even happening in newer ones like IE7 where the form doesn’t submit.

The wrong way to check PHP form submission

Countless times when people make PHP form scripts, they use the wrong method of verifying when a form has been submitted.

Take this simple form for instance:

<form action="form.php" method="post">
   <input name="username" type="text" />
   <input name="submit" type="submit" value="Submit">
</form>

What the form above does is post the variables username and submit to the resource script, in this case “form.php”.

The most common way to verify that the form was submitted, or at least the method most people tend to use, is by verifying if the submit button variable has been delivered to the receiving script, using code similar to this:

if(isset($_POST['submit'])) 

In most cases this will work, but there are a few occasions when it won’t. To identify when this condition statement will fail, we have to look at the different ways a form can be submitted.

There are two ways of submitting a form:

  1. click the submit button
  2. hit return, which will automatically invoke the form

The problem occurs when you hit the return button (as most people do) when using Internet Explorer (the most commonly used browser) and when the submit button does not have focus. This will submit the form, but it will not send the submit variable, which means the form condition statement used above will fail.

Then again, as a web developer, you’re going to find countless times when a browser fails.

Internet Explorer fails at browsers

But IE9 might be kinda cool

A quick fix?

Some people will offer up a quick hack-like fix by adding in a hidden variable to the form like so:

<form action="form.php" method="post">
   <input name="username" type="text" />
   <input type="hidden" name="submit" />
   <input name="submit" type="submit" value="Submit">
</form>

This method does have it’s merits – we are setting a hidden variable within the form, so no matter how the form is submitted, be it from hitting enter or return, using JavaScript, or by simply clicking on the submit button itself, the submit variable will always be posted.

This means that there would be no need to modify how your PHP code works. But why make your PHP code so strict that you would go about hacking up a form like this? Besides the fact that it is rather odd, it is also a big mistake if you strive to be compliant with HTML standards – and who doesn’t?

What we have essentially gone and done is make a non-compliant workaround for a seemingly common problem without even considering alternatives (like looking at your PHP script one more time!). Most of the time hacks should be last resorts, and lots of times, hacks are usually pretty cool.

What you have here is an uncool, bad hack.

Uwe Boll is a director

You might go Postal for this Rampage director

The correct way to check PHP form submission

Let’s look at our PHP condition again:

if(isset($_POST['submit']))

Sure, it makes sense, but with the aforementioned problem in some browsers, this conditional block is sometimes worthless and can be ignored, causing the form to erroneously fail validation, loop infinitely, or never post the data.

But, instead of looking elsewhere, we ought to fix the problem here!

We need to find a better way of checking whether or not a form has been submitted, which can be found in the $_SERVER[] variables. The best solution to check PHP form submission in all browsers is to check the request method.

That means that the correct way to check if a form is submitted using PHP is like this:

if($_SERVER['REQUEST_METHOD'] == "POST") 

Which will only be true when the form has submitted it’s data to the script. Now that we have this condition in place, our form will work with any browser using any method of form submission with no problem.

Congratulations! No more disgruntled users!

Related Posts