Home > DeveloperSection > Forums > How to submit form to controller or model in mvc?
Sanjay Sharma
Sanjay Sharma

Total Post:45

Posted on    November-09-2014 10:46 PM

 PHP Mvc4  Model  Controller 

 1 Reply(s)
 1148  View(s)
Rate this:

I'm trying to apply a simple MVC pattern to my current website without any frameworks. Since i havent really gotten into oop yet im still using procedural at the moment.

i have a simple login form (view)

<form action="controller/login.php" method="Post">
<input type="text" name="username" placeholder="Username" />
<input type="text" name="password" placeholder="Password" />
<input type="submit" value="Sign in" />

this form will submit to the controller for login form. Controller will now check if both fields have inputs and "cleanse" more or less the input

$username = $_POST['username'];
$password = $_POST['password'];
$username_escape = mysqli_real_escape_string($connect, $username);
$password_escape = mysqli_real_escape_string($connect, $password);


this is a really simple check right now however i was now wondering should i include controller into model and redirect to model from controller or form submit it at first place and have controller included.


$query = mysqli_query($connect, "INSERT into DB_table (username, password)
VALUES($username_escape, $password_escape)");

Allen Scott

Total Post:46

Posted on    November-10-2014 12:55 AM

It's good that you're trying to separate your concerns, but MVC is a design pattern based on top of OOP principles.

OOP works with objects, and those objects are defined by a class, which is like a blueprint.

So in this example, you'd want everything to go through the controller, then depending on whether you want to save out, you'd want to call the model.


class LoginController


    public function indexAction()



        $username = $_POST['username'];

        $password = $_POST['password'];

        if(!is_null($username) AND !is_null($password))


             $user = new \Service\User();

             $credentialsAreValid = $user->checkCredentials($username, $password);



                 header("Redirect: Somewhere");



        require_once __DIR__."/../templates/login.php";



class User


    public function checkCredentials($username, $password)


         $dsn = "mysql:host=localhost;dbname=db";

         $dbuser = "root";

         $dbpass = "pass";

         $db = new PDO($dsn, $dbuser, $dbpass);

         $db->prepare("SELECT * FROM user WHERE username = ? AND password = ?");

         $db->bindValue(1, $username);

         $db->bindValue(2, $password);

         $res = $db->execute();

         if(count($res->fetchAll()>0) return true;

         return false;



As you can see the logic is separated into a service, and is only called if it is needed. We've also used pdo to prevent SQL injections, (though shouldn't really be creating objects in here).

Id suggest you look into autoloading, and have a play with a framework like Silex as it will teach you these principles.

Don't want to miss updates? Please click the below button!

Follow MindStick