Home » Php » PHP form design best practice

PHP form design best practice

Posted by: admin July 12, 2020 Leave a comment


I have been using PHP for a while now and I have always wondered how to represent a single form to handle updates and inserts into a database. At the present, I am using 2 seperate forms to do this and they both have basically the same information and textboxes, etc. I know there is a better way of handling this but I’m not sure what that is.

I have tried to use a single form in the past but the html mixed with the php looks terrible and is really hard to maintain. I am after “clean” and neat.

Can someone please put me on the right track.

One of the things that I have to use are POST values if the user submits the form and the validation didn’t pass, the refresh should not wipe out the already entered values.

How to&Answers:

You could use a single form, with a hidden field for id. If this field is set – then you should update the $_POST['id'] record with the rest of the form. If the field is not set (that is, it has value=””), you should insert the form data to a new record.

You’ll set the id field according to the action, for example /data/edit/1 will set the id field to , and/data/new` will not set value to it.

For example, your view could be

<form action="/data/edit/1">
<input type="hidden" value="<?php echo $data->id; ?>" />
<input type="text" value="<?php echo $data->name; ?>" />

In case of a new record, call your view with the following data

$data->id = '';
$data->name = '';

In case of a known record, simply init the $data object with the data

$data->id = $record_id;
$data->name = $record_name;


This is how I would probably do it without using any other frameworks/libraries etc. It is basically what Elazar Leibovich said.

    //id is zero or a record id depending on whether updating or inserting
    //an existing record could be edited using edit.php?id=10
    //if the id GET parameter is omitted a new record will be created
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    $error = '';

    if ($id) {
        //this array would be in the same format as the one below
        $record = fetchRecordFromDb($id);    
    } else {
        $record = array( 'field1' => 'default value', 'field2' => 'some other default' );    

    //allow POST data to override what is already in the form
    foreach ($record as $key => $value) {
        if (isset($_POST[$key])) {
            $record[$key] = $_POST[$key];

    if (isset($_POST['submit'])) {
        if (!validateForm()) {
            $error = 'Some form error';
        } else {
            if ($id) {
                updateRecord($id, $record);
            } else {

            //ok, redirect somewhere else
            header('Location: http://somewhere');


    <form method="post">
       <?php echo $error; ?>
       <input type="hidden" name="id" value="<?php echo $id; ?>">
       <input type="text" name="field1" value="<?php echo htmlspecialchars($record['field1']); ?>"><br />
       <input type="text" name="field2" value="<?php echo htmlspecialchars($record['field2']); ?>"><br />
       <input type="submit" name="submit">