Checking if form has been submitted - PHP

132
votes

What is the best way of checking whether or not a form has been submitted to determine whether I should pass the form's variables to my validation class?

First I thought maybe:

isset($_POST)

But that will always return true as a superglobal is defined everywhere. I don't want to have to iterate through each element of my form with:

if(isset($_POST['element1']) || isset($_POST['element2']) || isset(...etc

Whilst writing this question I thought of a much more basic solution, add a hidden field to act as a flag that I can check.

Is there a 'cleaner' way to do it than adding my own flag?

9
phpformsvalidation
Well, you could make a submit button that has a specific nam, like submited and then use the php if(isset($_POST['submited'])) or a hidden input...Max Allan
You should add a nounce to prevent replay attacks on your form.hakre

9 Answers

210
votes

For general check if there was a POST action use: 

if (!empty($_POST))

EDIT: As stated in the comments, this method won't work for in some cases (e.g. with check boxes and button without a name). You really should use:

if ($_SERVER['REQUEST_METHOD'] == 'POST')
174
votes

How about 

if($_SERVER['REQUEST_METHOD'] == 'POST')
70
votes

Actually, the submit button already performs this function.

Try in the FORM:

<form method="post">
<input type="submit" name="treasure" value="go!">
</form>

Then in the PHP handler:

if (isset($_POST['treasure'])){
echo "treasure will be set if the form has been submitted (to TRUE, I believe)";
}
36
votes

Use

if(isset($_POST['submit'])) // name of your submit button
28
votes

if ($_SERVER['REQUEST_METHOD'] == 'POST').

14
votes

Try this 

 <form action="" method="POST" id="formaddtask">
      Add Task: <input type="text"name="newtaskname" />
      <input type="submit" value="Submit"/>
 </form>

    //Check if the form is submitted
    if($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['newtaskname'])){

    }
2
votes

On a different note, it is also always a good practice to add a token to your form and verify it to check if the data was not sent from outside. Here are the steps:

  1. Generate a unique token (you can use hash) Ex: 

    $token = hash (string $algo , string $data [, bool $raw_output = FALSE ] );

  2. Assign this token to a session variable. Ex: 

    $_SESSION['form_token'] = $token;

  3. Add a hidden input to submit the token. Ex: 

    input type="hidden" name="token" value="{$token}"

  4. then as part of your validation, check if the submitted token matches the session var. 

    Ex: if ( $_POST['token'] === $_SESSION['form_token'] ) ....
0
votes

I had the same problem - also make sure you add name="" in the input button. Well, that fix worked for me. 

if($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['add'])){
    echo "stuff is happening now";
}

<input type="submit" name="add" value="Submit">
-6
votes

You could also use:

is_array($_POST)