How do forms work?

Not sure where to post this, but here goes…

If I have an HTML form that is designated as type POST and has an action page “submitted_form.php”

1.) When precisely do the values the user types into my form get populated/sent to the $_POST array? (Presumably when the use clicks ‘Submit’, but I’m not certain?!)

2.) What is the life/scope of values in the $_POST array?

For example, are they accessible by any PHP page, or just the one that sends and receives the form?

3.) Let’s say I have “Form_1.php” which goes to the action page “Form_1_processed.php”

and then I also have

“Form_2.php” which goes to the action page “Form_2_processed.php”

Does that mean there are [u]two]/u] $_POST araays?

Are does one $_POST array over-write the other?

It sounds like a simple concept, but the more I think about form handling, the more confusing it gets?! Help!!!


Your server can be serving multiple pages at once, they are independent of each other.
For example page1.php could set $var = true and page2.php sets $var = false; Even if they are being executed together there is no conflict because $var in page 1 has nothing to do with $var in page 2.

It’s the same with $_POST. When the user submits the form they are requesting submitted_form.php and posting the form data there. That request is totally separate from another one, that another user might be making to another (or even the same script). It’s the request and script execution that matters, not the particular PHP files involved.

1.) Values get sent when the form is submitted

2.)The values stay in $_POST until the end of the script execution. PHP is stateless, so at the end of every request (when the script finishes) all variables are gone.

  1. if you use the same names for the input they get overwritten.
    $_POST is the same as a regular array. So if you use
<input name="firstName" type="text">

on page1.php page2.php, the whatever page is submitted last, gets the value. This may help


Think of it as a loop:

The user requests a web page, say “Form_1.php”

When the user hits the send button he is really requesting “Form_1_processed.php”

The input from the form goes to the $_POST array accessed by “Form_1_processed.php” which is the action page in the form.

After php is finished processing it serves the result to the user’s browser. There might or might not be a form in the new page just served.

There might be 100 or 1000 users doing the same thing at the same time but each process is separate (in parallel). But the server has to have a way of knowing who is who so as not to mix them up. This is done by tracking the users with cookies or ids (tokens) in the form.

I guess that is why they create a webserver like Apache, right?

1.) Values get sent when the form is submitted


2.)The values stay in $_POST until the end of the script execution. PHP is stateless, so at the end of every request (when the script finishes) all variables are gone.

So, if I have LogInForm.php and its action is LogInProcess.php

Now, a User goes to LogInForm.php enters their username and password and clicks “Log In”.

The username and password are passed to LogInProcess.php and some script runs to see if a member’s credentials match.

If so, the system logs them in and routes them to MemberPage.php otherwise it prints an error message.

Based on what you said above, I would not be able to access and use “Username” from $_POST on MemberPage.php because after LogInProcess.php ran to its end, the $_POST array would cease to exist?

Is that right?

Or does $_POST even cease to exist right after LogInForm.php stops running?

And if so, then what do you do?



You had it right the first time. LogInForm.php executes, and sends a form to the browser. That script has finished executing before the user has seen the page, or even had time to think about submitting the form. The page is just in the browser memory and has no link to the PHP script that generated it.

Then they type username/password and submit. This sends a whole new request to LogInProcess.php . It will have $_POST[‘username’] and $_POST[‘password’]. That page can validate the values and redirect as you say. If it redirects the user like this:

header("Location: MemberPage.php");

Then that will be a brand new request, and again, no POST data.

To persist data you start using sessions.
Once validated (successful login) you’d put the username and password into a session. Session data is stored on the server so that it can persist between requests as the user browses the site. In order for the server to know which session file belongs to which user, the user must pass the session ID with subsequent requests. This almost always happens with a cookie. Cookies are sent to the server automatically with every request (the opposite of how POST works).

So the user will now have a cookie with their unique session ID. Every page they request, they are sending that cookie to the server. The server can then access $_SESSION to find their data. You’ll actually check their login on every private page. Once they are logged in PHP gets the username and PW from the session so the user doesn’t need to submit a form for every page.

see [fphp]session_start[/fphp]
you don’t need to use [fphp]set_cookie[/fphp] directly if sessions are configured to use cookies. Using the session functions will do it transparently.

Make sense?