Checking if form has been submitted - PHP

Question

What is the best way of checking whether or not a form has been submitted to determine whether I should pass the form's variables to my validation class?

First I thought maybe:

isset($_POST)

But that will always return true as a superglobal is defined everywhere. I don't want to have to iterate through each element of my form with:

if(isset($_POST['element1']) || isset($_POST['element2']) || isset(...etc

Whilst writing this question I thought of a much more basic solution, add a hidden field to act as a flag that I can check.

Is there a 'cleaner' way to do it than adding my own flag?

Well, you could make a submit button that has a specific nam, like `submited` and then use the php `if(isset($_POST['submited']))` or a hidden input... — Max Allan, Oct 10 '11 at 10:33
You should add a nounce to prevent replay attacks on your form. — hakre, Oct 10 '11 at 10:35

score 219 · Accepted Answer · edited Jun 04 '22 at 06:27

219

For general check if there was a POST action use:

if ($_POST)

EDIT: As stated in the comments, this method won't work for in some cases (e.g. with check boxes and button without a name). You really should use:

if ($_SERVER['REQUEST_METHOD'] == 'POST')

edited Jun 04 '22 at 06:27

Your Common Sense

154,967
38
205
325

answered Oct 10 '11 at 10:32

matino

16,442
7
46
56

score 176 · Answer 2 · answered Oct 10 '11 at 10:32

176

How about

if($_SERVER['REQUEST_METHOD'] == 'POST')

answered Oct 10 '11 at 10:32

Olaf

9,799
8
36
54

score 71 · Answer 3 · edited Aug 15 '13 at 16:39

71

Actually, the submit button already performs this function.

Try in the FORM:

<form method="post">
<input type="submit" name="treasure" value="go!">
</form>

Then in the PHP handler:

if (isset($_POST['treasure'])){
echo "treasure will be set if the form has been submitted (to TRUE, I believe)";
}

edited Aug 15 '13 at 16:39

Joe Pigott

7,343
5
29
42

answered Mar 17 '12 at 17:39

Tzshand

1,495
11
14

7

This is the correct answer. Simply checking for $_POST isn't good enough because it could've been generated from a number of different places...not just from a form post. Thanks Tzshand. – Houston Nov 19 '13 at 12:39
Ideally now you should use `if (null !== (filter_input(INPUT_POST, 'macaddress'))){` which gets you in the habit of using filter_input – depicus Feb 20 '15 at 09:46
3

POST can be done with Ajax, which won't have any submit button, so this is not a universal solution. – Muhammad bin Yusrat Jul 27 '15 at 05:54
That's true; it can also check any variable posted by AJAX. – Tzshand Jun 07 '17 at 22:00

Rikesh · Answer 4 · 2014-02-26T04:37:50.510

36

Use

if(isset($_POST['submit'])) // name of your submit button

edited Feb 26 '14 at 04:37

answered Oct 10 '11 at 10:32

Rikesh

25,621
14
77
86

2

The simplest solution. All forms should have a submit button! – Anh Tran Mar 20 '17 at 03:26
1

But some forms may have multiple buttons. – Progrock Sep 20 '17 at 11:24
4

@rilwis sometimes forms are submitted by JavaScript and don't need/have a submit button – Waqas Malik Jun 05 '18 at 12:31

score 28 · Answer 5 · answered Oct 10 '11 at 10:32

28

if ($_SERVER['REQUEST_METHOD'] == 'POST').

answered Oct 10 '11 at 10:32

CodeCaster

139,522
20
204
252

score 14 · Answer 6 · answered Jan 18 '13 at 16:47

14

Try this

 <form action="" method="POST" id="formaddtask">
      Add Task: <input type="text"name="newtaskname" />
      <input type="submit" value="Submit"/>
 </form>

    //Check if the form is submitted
    if($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['newtaskname'])){

    }

answered Jan 18 '13 at 16:47

rizon

7,991
1
25
17

2

This method is the most recommended, since it seems to be recognized as "best practice" by the "coding academy". – Genesis Mar 03 '13 at 02:13

score 2 · Answer 7 · edited Dec 21 '19 at 03:42

On a different note, it is also always a good practice to add a token to your form and verify it to check if the data was not sent from outside. Here are the steps:

Generate a unique token (you can use hash) Ex:

$token = hash (string $algo , string $data [, bool $raw_output = FALSE ] );

Assign this token to a session variable. Ex:
```
$_SESSION['form_token'] = $token;
```

Add a hidden input to submit the token. Ex:

input type="hidden" name="token" value="{$token}"

then as part of your validation, check if the submitted token matches the session var.
```
Ex: if ( $_POST['token'] === $_SESSION['form_token'] ) ....
```

this only works if the user doesn't inspect the element and sniff the value to run in their bots — c0d3x1337, Jan 07 '21 at 12:50

score 0 · Answer 8 · edited Jun 24 '18 at 03:39

0

I had the same problem - also make sure you add name="" in the input button. Well, that fix worked for me.

if($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['add'])){
    echo "stuff is happening now";
}

<input type="submit" name="add" value="Submit">

edited Jun 24 '18 at 03:39

Jonathan

2,225
4
20
37

answered Jun 23 '18 at 22:13

Jen

1

score -6 · Answer 9 · answered Oct 10 '11 at 10:33

-6

You could also use:

is_array($_POST)

answered Oct 10 '11 at 10:33

SW4

67,554
20
126
133

4

`is_array($_POST)` always gives true (on my machine). According to http://stackoverflow.com/questions/5594020/php-check-if-post-is-array: `$_POST is a superglobal array which is always defined` , `unless somewhere in your code you either unset or overwrite $_POST somehow`, so it seems to be expected that this always returns true.. – GitaarLAB Jul 06 '14 at 21:49
`is_array($_POST)` is definitely not the way to check if the form was submitted. – Lukas Oct 12 '17 at 11:50

Checking if form has been submitted - PHP

9 Answers9

Linked

Related