Collecting user data

There are two stages to receiving data from Web users: the first is to provide an interface to interact with, and the second is to retrieve this information. The most common way to do this is through the Common Gateway Interface (CGI), supported by PHP.

Python vs. PHP: Choosing your next project's language

User input and HTML

To provide an interactive interface, Web application designers and PHP developers generally use HTML forms. The HTML form for a search engine might look something like this

<FORM METHOD=GET ACTION="/search.php">
Search for: <INPUT TYPE=TEXT NAME=query SIZE=20>

The first line of HTML sets up the form, declaring the client/server interface method (basically, how the form data is sent to the search script through CGI) and the public location of the script itself. The second line gives the user a text box (defined by TYPE=TEXT), 20 characters in length, where the query text should be input. The name of this text box is 'query'.

The third line creates a different input type, this time SUBMIT - that is, a submit button. The final line closes the form.

When the user fills in the form by entering a query in the query text box, and presses the SUBMIT button, the Web browser sends the information to the search script, search.php. Since the METHOD is GET, this is done by encoding the value of the text box 'query' in the URL. If a user submits a query like 'PHP', the resulting URL may be something like this:

Notice that the data submitted by the user is sent in 'name=value' pairs, separated by an ampersand (&). In the first pair, 'name' is query and 'value' is the user data.

USER INPUT AND PHP With the help of the Web server, PHP initialises variables names based on the 'name=value' pairs from the HTML form. In the example above, the PHP script search.php would be able to access the query data submitted by the user by accessing the variable $query. The following example illustrates this.

if(!isset($submit)) {
/* User has not submitted form data */
?> <FORM METHOD=POST ACTION="<? echo $PHP_SELF; ?>"> Name: <INPUT TYPE=TEXT NAME=name SIZE=20 /><BR /> Phone: Area Code: <INPUT TYPE=TEXT NAME=ac SIZE=2> Number: <INPUT TYPE=TEXT NAME=ph SIZE=9 /><BR /> Mobile: <INPUT TYPE=TEXT NAME=m SIZE=11 /><BR /> Email: <INPUT TYPE=TEXT NAME=e SIZE=25 /><BR /> <INPUT TYPE=SUBMIT NAME=submit VALUE="Submit"/> </FORM> <? } else { $fp = fopen("","a"); $s = "--\nN$name\nA$ac\nP$ph\nM$m\nE$e\n"; fputs($fp,$s); fclose($fp); echo "User data:\nname = $name\nac = $ac\nph = $ph\nm = $m\ne = $e\nsubmit = $submit\n"; } ?> </BODY> </HTML>

To see how this works, save this script as contact.php and upload it to your PHP-enabled Web server.

Request contact.php from your Web server. You will see a standard HTML form, which is sent to your Web browser because the condition !isset($submit) is true. The function isset() tests whether the variable given as the argument was previously initialised. If you submit the form, the variable submit is set to 'Submit' by the last INPUT tag, as described above.

There are two other points of interest in the HTML section of the code. First, the ACTION attribute is filled out with the result of the $PHP_SELF variable. This variable is the path to and the name of the script being executed. If the URL you are requesting is, then the value of $PHP_SELF is '/php/contact.php'.

The other point is that slashes occur at the end of some HTML tags. The latest HTML recommendation, XHTML 1.0, requires that an element <E> with no corresponding </E> tag must be written as <E /> (more at

When the user submits the form, the variable $submit is set, so control is given to the code at 'else'. This code opens a file,, and writes a string to it. Note that is opened in the 'a' mode, that is, append. The variables are written to the file, one per line, with a character prefixing them. This leading character is different for each variable, and gives some structure to each entry, making it easier to parse. By testing the first character of a line, a parser can tell which variable it is dealing with: N for name, A for area code, P for phone, etc.

With such predictable data, a structure this robust is not really necessary. A parser could be designed to assume that the first line after '--' is the name, the second line the area code and so on. However, it is good practice always to design applications with good data storage formats.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about CGIGatewayGatewayHewlett-Packard AustraliaHPIONMITRequest DSL

Show Comments