🎯 PHP Forms Handling – Interview Questions
🟢 Basic Level
1. What is form handling in PHP?
👉 Processing user input data submitted via HTML forms using PHP.
2. What are GET and POST methods?
👉 Two ways to send form data to server.
- GET → data in URL
- POST → data in request body
3. Difference between GET and POST?
👉 Key points:
- GET is less secure, POST is more secure
- GET has size limit, POST does not
- GET is bookmarkable, POST is not
4. How do you access form data in PHP?
$_GET['field_name'];
$_POST['field_name'];
5. What is $_REQUEST?
👉 It is a superglobal that contains GET + POST + COOKIE data.
🟡 Intermediate Level
6. What is form validation?
👉 Checking whether user input is correct before processing.
7. Types of validation?
- Client-side (JavaScript)
- Server-side (PHP)
👉 Important: Server-side validation is mandatory
8. How to validate email in PHP?
filter_var($email, FILTER_VALIDATE_EMAIL);
9. What is sanitization?
👉 Cleaning user input to prevent security issues.
10. Difference between validation and sanitization?
- Validation → Check input is correct
- Sanitization → Clean input
11. How to prevent XSS in forms?
htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
12. How to check request method?
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // form submitted
}
13. Why use isset() in forms?
👉 To check if a field exists before accessing it.
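if (isset($_POST['name'])) {
    // Escape before output so the submitted value cannot inject markup
    echo htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8');
}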
14. What is empty()?
👉 Checks if variable is empty.
🔴 Advanced Level
15. How to handle file uploads in PHP?
👉 Using $_FILES array.
$_FILES['file']['name'];
$_FILES['file']['tmp_name'];
16. What is enctype="multipart/form-data"?
👉 Required for file uploads in forms.
17. How to move uploaded file?
move_uploaded_file($tmp, "uploads/file.jpg");
18. How to secure file uploads?
👉 Must check:
- File type
- File size
- Rename file
- Restrict folder access
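The four checks above in one upload handler, as an added example that is not part of the original page. The helper name `store_upload`, the 2 MiB limit, the allowed image types and the `private_uploads` directory are assumptions chosen for illustration.

```php
<?php
// Added example (not from the original page); limits, types and paths are assumptions.
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;   // assumed 2 MiB limit
const ALLOWED_TYPES = [                      // sniffed MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

function store_upload(array $file, string $destDir): string
{
    // PHP's own upload status must be OK; an array here means a multi-file field.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or malformed.');
    }
    // File size: measure the temp file on disk.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('File is empty or too large.');
    }
    // File type: sniff the content; $file['type'] is supplied by the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('File type not allowed.');
    }
    // Rename: random server-chosen name, extension from the allowlist only.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    // move_uploaded_file() only moves files that arrived via an HTTP POST upload.
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file.');
    }
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    try {
        // Restrict folder access: assumed directory outside the web root.
        $stored = store_upload($_FILES['file'], __DIR__ . '/../private_uploads');
        echo 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```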
19. What is CSRF and how to prevent it?
👉 CSRF = Cross-Site Request Forgery
Prevention:
- Use CSRF token
$_SESSION['token'] = bin2hex(random_bytes(32));
20. What is SQL Injection in forms?
👉 Injecting malicious SQL via form inputs.
Prevention:
- Use prepared statements (PDO/MySQLi)
21. Why should we sanitize before database insert?
👉 To prevent:
- SQL Injection
- XSS attacks
22. What is a sticky form?
👉 A form that retains user input after a submission error.
23. How to create a sticky form?
<input type="text" name="name" value="<?php echo htmlspecialchars($name ?? '', ENT_QUOTES, 'UTF-8'); ?>">
24. What is the use of filter_input()?
👉 Safely fetch input data.
$name = filter_input(INPUT_POST, 'name');
25. How to handle multiple inputs with same name?
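<input type="checkbox" name="skills[]">
// No box ticked means the key is absent, so default to an empty array
foreach ($_POST['skills'] ?? [] as $skill) {
    echo htmlspecialchars($skill, ENT_QUOTES, 'UTF-8');
}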
💼 Practical / HR + Coding Mix
26. Build a secure login form—what steps will you follow?
👉 Expected answer:
- Use POST
- Validate inputs
- Sanitize data
- Use password hashing (password_hash)
- Use prepared statements
- Use sessions
27. Why is POST preferred for login forms?
👉 Because:
- Data is hidden
- More secure
- No URL exposure
28. What happens if you don’t validate form data?
👉 Risks:
- Wrong data
- Security vulnerabilities
- Application crash
🚀 Pro Tip (Interview Gold Answer)
If they ask:
👉 “How do you secure forms completely?”
Answer like this:
✔ Use POST method
✔ Validate all inputs
✔ Sanitize data
✔ Use prepared statements
✔ Implement CSRF tokens
✔ Restrict file uploads
✔ Use HTTPS






