Using $_POST to get select option value from HTML

by Alex Kataev · Dec 24, 2024
TLDR

To retrieve a <select> element's value with $_POST, give the <select> a name attribute and read that name as the $_POST key in PHP after the form is submitted:

HTML:

<form method="post">
  <select name="selection">
    <option value="pick1">Choice 1</option>
    <option value="pick2">Choice 2</option>
  </select>
  <input type="submit" value="Submit">
</form>

PHP:

// Default value when nothing was submitted
$choiceMade = $_POST['selection'] ?? 'No Selection';
// Encode on output so the value cannot inject markup (who needs XSS, right?)
echo "Your Choice: " . htmlspecialchars($choiceMade);

Remember: The form method should be "post". Once submitted, the chosen value may be acquired with $_POST['selection'].

Data integrity and sanitization

When retrieving user input from HTML forms, validating and sanitizing it safeguards against security threats and ensures data integrity. Use isset() or the null coalescing operator (??) to check that the input is present, which avoids undefined index errors. Proper error handling means providing a default value or an error message. Furthermore, always encode output with htmlspecialchars() or htmlentities() to thwart XSS attacks.

Switcheroo with PHP versions

For folks on PHP 8 and later, get fancy with the match expression, a snazzy alternative to the switch statement for handling different submitted values. But remember, like the Dodo bird, this won't fly in earlier versions:

PHP:

$choiceMade = $_POST['selection'] ?? 'No Selection';
$result = match($choiceMade) {
    'pick1' => 'First Choice made',
    'pick2' => 'Second Choice made',
    default => "Guess again, because that ain't it!",
};
echo htmlspecialchars($result);

Form Setup 101

The form method should be set to post, and the action attribute must point to the PHP file that braves the storm of processing the form data. The name attribute of the <select> tag must match the $_POST key the script reads in order to capture the submitted value:

HTML:

<form method="post" action="handle-it.php">
  <select name="selection">
    <option value="pick1">Choice 1</option>
    <option value="pick2">Choice 2</option>
  </select>
  <input type="submit" value="Submit">
</form>

Going above and beyond

Brace for Multiples

Dealing with multiple selections? Alter the name attribute to embrace an array (name="choices[]") and take a walk across the results:

HTML:

<select name="choices[]" multiple> ... </select>

PHP:

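// Fall back to an empty array when nothing was selected, so foreach always has something to iterate
foreach ($_POST['choices'] ?? [] as $choice) {
    echo 'Look who decided between choices: ' . htmlspecialchars($choice);
}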

Empty Basket case

Usually, an uncommitted user (no choice selected) ends up sending an empty string. Tackle this by checking whether the value is empty:

$choiceMade = $_POST['selection'] ?? '';
// Compare with '' rather than empty(), which would also reject an option whose value is "0"
if ($choiceMade === '') {
    echo "Buy a vowel because we've got zilch!";
} else {
    echo "And in the blue corner, we have: " . htmlspecialchars($choiceMade);
}
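A <select> only limits what a browser offers; the request itself can carry any value, an array where a string is expected, or nothing at all. The following added example (not code from the original article) validates single and multiple selections against an allow-list of the page's option values before they are used. The helper names validatedChoice and validatedChoices, the ALLOWED_CHOICES constant and the sample requests are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Allow-list: the option values the form actually renders (same values as the page's <option> tags).
const ALLOWED_CHOICES = ['pick1' => 'Choice 1', 'pick2' => 'Choice 2'];

// Hypothetical helper: the submitted single-select value, or null if missing or not an offered option.
function validatedChoice(array $post, string $key): ?string
{
    $value = $post[$key] ?? null;
    // selection[]=x arrives as an array; htmlspecialchars() throws a TypeError on that in PHP 8.
    if (!is_string($value) || !array_key_exists($value, ALLOWED_CHOICES)) {
        return null;
    }
    return $value;
}

// Hypothetical helper: only the offered values from a multi-select (name="choices[]"), de-duplicated.
function validatedChoices(array $post, string $key): array
{
    $values = $post[$key] ?? [];
    if (!is_array($values)) {
        return []; // a scalar was sent where an array was expected
    }
    $clean = [];
    foreach ($values as $v) {
        if (is_string($v) && array_key_exists($v, ALLOWED_CHOICES)) {
            $clean[$v] = true; // keyed by value to drop duplicates
        }
    }
    return array_keys($clean);
}

// Constructed request bodies standing in for $_POST.
$samples = [
    'normal'           => ['selection' => 'pick2', 'choices' => ['pick1', 'pick2']],
    'unknown value'    => ['selection' => 'pick9', 'choices' => ['pick1', 'pick9', 'pick1']],
    'array for scalar' => ['selection' => ['pick1'], 'choices' => 'pick1'],
    'nothing sent'     => [],
];
foreach ($samples as $label => $post) {
    $single = validatedChoice($post, 'selection');
    $multi  = validatedChoices($post, 'choices');
    $shown  = $single === null ? 'REJECTED' : htmlspecialchars(ALLOWED_CHOICES[$single]);
    printf("%-17s single=%s multi=[%s]\n", $label, $shown, htmlspecialchars(implode(', ', $multi)));
}
```

Validation decides whether the value is accepted; htmlspecialchars() is still applied wherever a value is printed.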

Keep the receipt

After gathering and sanitizing the user input, it might be time to bookmark the selection for data insertion, session tracking, or a late-night party:

PHP:

// Make sure to fire the tradition starter session_start() before touching $_SESSION
session_start();
$_SESSION['choice_history'] = htmlspecialchars($choiceMade);