Trongate PHP Framework Docs
Introduction
Basic Concepts
Understanding Routing
Intercepting Requests
Module Fundamentals
Database Operations
Templates
Helpers
Form Handling
Form Validation
Working With Files
Image Manipulation
Working With Dates & Times
Language Control
Authorization & Authentication
Tips And Best Practices

Form Handling Fundamentals

Forms are the backbone of web applications. Login screens, user profiles, checkout pages, admin panels - they all need forms. And they all need the same things: clean HTML, solid validation, security, and a smooth user experience.

Trongate gives you all of that with zero abstraction.

The Trongate Approach

No form builders. No XML config files. No "magic" methods that generate fifty lines of HTML you never asked for.

Just Native PHP functions that output exactly what you tell them to - and nothing more.

Real-World Example: Want to see Trongate's form handling concepts in action? Check out the complete Tasks module example on GitHub:

https://github.com/trongate/Trongate-v2-Tasks-Module

It demonstrates form creation, validation, submission handling, error repopulation, checkbox conversion, flash messages, and the full Post-Redirect-Get pattern - all using pure Trongate v2 best practices.

What Trongate Gives You For Form Handling

  • Form helpers - functions like , , and that generate clean HTML
  • Validation module - set rules, run checks, display errors automatically
  • CSRF protection - built-in, automatic, zero setup required
  • Post-Redirect-Get pattern - prevents duplicate submissions, works with flashdata for success messages
  • Session-based error storage - validation errors survive redirects and display exactly where you want them

A Simple Example

Here's a complete working form in Trongate - create, validate, save, redirect:

And the view file:

That's it. No configuration. No registration. No twenty-step tutorial.

How It Works

  1. User visits the formcreate() method displays the view
  2. User submitssubmit() validates the data
  3. Validation fails? → Errors stored in session, form redisplays with error messages
  4. Validation passes? → Data saved, flashdata set, user redirected to success page

The Post-Redirect-Get Pattern

When a form submits successfully, Trongate redirects instead of rendering directly. This prevents the dreaded "resubmit form?" browser warning when users hit refresh.

Here's the flow:

  • POST → User submits form data
  • Process → Validate, save to database
  • Redirect → Send user to a new page (via )
  • GET → Display success message (via )

Success messages survive the redirect using flashdata. Validation errors work the same way - they are stored in the session, displayed after redirect, then automatically cleared.

Security Built In

Every form that uses automatically includes a CSRF token. Every form submission automatically validates it. If the token is missing or invalid, the request gets blocked. See Form Handling → CSRF Protection for details.

You don't opt in. You don't configure it. It just works.

Why This Beats Form Builders

Form builders Trongate
Generate HTML you can't control You write the HTML (via helpers)
Require learning proprietary syntax It's just PHP functions
Break when you need custom markup Add any HTML you want, anywhere
Tie validation to the form object Validation is separate and reusable
Bloated with features you'll never use Lean helpers that do one thing well

What's Next

The following pages will show you:

  • How to generate every type of form element
  • How to retrieve and clean submitted data
  • How to validate with built-in rules and custom callbacks
  • How to display errors (general, inline, or JSON)
  • How to handle the create/update pattern like a pro