HTML Form Basics – form, action, method, label, input

The form Element

The <form> element wraps all the controls (inputs, buttons, selects) that belong to a single form. It tells the browser where to send the data and how to send it when the user submits.

HTML

<form action="/submit" method="POST">
  <!-- form controls go here -->
</form>

The two most important attributes on <form> are action and method.

The action Attribute

The action attribute specifies the URL the form data is sent to when the user submits. It can be an absolute or relative URL.

HTML

<!-- Relative URL – sends to same origin -->
<form action="/contact/send">…</form>

<!-- Absolute URL – sends to external server -->
<form action="https://api.example.com/subscribe">…</form>

<!-- No action or empty string – submits to current page URL -->
<form action="">…</form>
<form>…</form>

Tip: Omitting action or setting it to "" causes the browser to submit back to the current page URL. This is common when a server-side script on the same page handles the data.

The method Attribute

The method attribute controls the HTTP method used to send the data. It accepts two values: get and post (case-insensitive).

HTML

<form action="/search" method="GET">…</form>
<form action="/login" method="POST">…</form>

GET vs POST – Key Differences

Choosing the right method matters for security, bookmarkability, and server behaviour.

Feature	GET	POST
Where data goes	Appended to URL as query string: `?name=Alice&age=30`	Sent in the request body — not visible in URL
Visible in browser	Yes — appears in address bar and browser history	No — data is in the request body
Bookmarkable	Yes — the full URL with data can be saved	No — URL doesn't contain the data
Cached by browser	Can be cached	Not cached by default
Data size limit	~2000 characters (URL length limit)	No practical limit
Use for	Search forms, filters, non-sensitive queries	Login, registration, checkout, file upload
Security	Lower — data visible in logs and history	Higher — data not in URL (use HTTPS too)

Never send passwords or sensitive data via GET. The data appears in the URL, browser history, server logs, and HTTP referrer headers. Always use POST for sensitive information — and always use HTTPS to encrypt the entire request.

The label Element

The <label> element provides a text description for a form control. It improves usability and is essential for accessibility — screen readers read the label aloud when a user focuses the associated input.

Connect a label to its input using the for attribute on the label and a matching id on the input.

HTML

<!-- Explicit label: for="" matches input id="" -->
<label for="username">Username</label>
<input type="text" id="username" name="username">

<!-- Implicit label: input nested inside label (no for/id needed) -->
<label>
  Email address
  <input type="email" name="email">
</label>

Clicking the label focuses the input. This is a free UX win — especially important for small checkboxes and radio buttons where the clickable hit area would otherwise be tiny.

Basic Text Input and Submit Button

The simplest possible form has one text input and a submit button. The type="text" input accepts any text, and type="submit" creates the button that sends the form.

HTML

<form action="/search" method="GET">
  <label for="query">Search the site</label>
  <input type="text" id="query" name="q" placeholder="Enter a topic…">
  <input type="submit" value="Search">
</form>

When the user types "HTML forms" and clicks Search, the browser navigates to /search?q=HTML+forms.

The name Attribute – How Data is Keyed

The name attribute on each input is the key that identifies that piece of data when the form is submitted. Without a name, the browser silently omits that field from the submitted data.

HTML

<form action="/register" method="POST">
  <label for="first-name">First name</label>
  <input type="text" id="first-name" name="first_name">

  <label for="last-name">Last name</label>
  <input type="text" id="last-name" name="last_name">

  <label for="email-addr">Email</label>
  <input type="email" id="email-addr" name="email">

  <input type="submit" value="Create account">
</form>

<!-- POST body sent to server (URL-encoded):
  first_name=Alice&last_name=Smith&email=alice%40example.com -->

Notice the difference between id (used only to connect a label) and name (used by the browser to build the submitted data). Both can be the same value, but they serve different purposes.

What Happens on Form Submit

When a user clicks a submit button (or presses Enter in a single-field form), the browser:

Collects all named form controls inside the <form> element.
Encodes them as key-value pairs using the name and current value of each control.
Sends an HTTP request to the action URL using the specified method.
Navigates to the response returned by the server.

For a GET form, the data is appended to the URL as a query string. For a POST form, the data travels in the invisible request body.

Complete Multi-Field Form Example

Here is a realistic contact form combining everything above:

HTML

<form action="/contact/send" method="POST">

  <div class="form-group">
    <label for="contact-name">Your name</label>
    <input type="text" id="contact-name" name="name" placeholder="Alice Smith">
  </div>

  <div class="form-group">
    <label for="contact-email">Email address</label>
    <input type="email" id="contact-email" name="email" placeholder="alice@example.com">
  </div>

  <div class="form-group">
    <label for="contact-subject">Subject</label>
    <input type="text" id="contact-subject" name="subject" placeholder="Question about billing…">
  </div>

  <div class="form-group">
    <label for="contact-message">Message</label>
    <textarea id="contact-message" name="message" rows="5" placeholder="Your message here…"></textarea>
  </div>

  <button type="submit">Send message</button>

</form>

📋 Summary

<form action="" method=""> — wraps all form controls; action is the destination URL, method is GET or POST.
GET appends data to the URL — good for searches and filters; never for passwords.
POST sends data in the request body — required for sensitive data, file uploads, and destructive actions.
<label for="id"> — links a text label to an input; clicking the label focuses the input; essential for accessibility.
name attribute on inputs — the key used to identify that field in the submitted data. Without it, the field is not sent.
id vs name — id connects the label; name identifies the data in the submission.

Frequently Asked Questions

What is the default method if I don't specify one?

The default method is GET. If you omit the method attribute entirely, the browser sends a GET request with form data appended to the URL as a query string. Always explicitly specify method="POST" for any form that creates, updates, or deletes data — or that collects sensitive input.

Does every input need both an id and a name?

They serve different purposes. The name attribute is required for a field to be included in form submission data. The id attribute is required for an explicit <label for=""> connection. You can use the same string for both (e.g. id="email" name="email"), which is the most common pattern. If you nest the input inside its label, the id is optional — but name is still needed for submission.

Can I have multiple forms on one page?

Yes. Each <form> element is independent. Its controls only submit together with that specific form. A common pattern is a search form in the header and a newsletter signup form in the footer, coexisting on the same page without interfering with each other.

Is POST more secure than GET?

POST hides data from the URL, which prevents it appearing in browser history, server logs, and the HTTP Referer header. However, POST data is still transmitted in plain text unless you use HTTPS. Always use HTTPS — with HTTPS, both GET and POST requests are encrypted in transit. POST alone without HTTPS is not secure.