What's difference between drupal forms and HTML forms

Question

why we use "drupal form" Although we can do every thing by "HTML forms" ?

Answer 1

Drupal Form API provides a standardized method to show, validate and submit a form in your Drupal site. It allows other modules to interact with the form you design and alter or add fields to modify the form behavior, if that is needed.

By using the form API, you get to output forms that are fully wrapped in classes and ids that your theme can style in a way that fits your site's graphic design.

The Form API outputs form that are secure, meaning that it makes sure that the form the user submits is generated by your site and is not part of a bogus page designed to feed malicious data into your database. The validation process allows a programmer to sanitize any data to avoid SQL injection and other potential threats to security. It also provides a way to avoid that multiple user modify the same content at the same time.

I also think that building a form as a structured array makes the form design and maintenance more straightforward.

These are only my personal highlights about the use of form API. You might like to read more at this link in the Drupal Form API documentation.

Answer 2

Pamatt's answer is well written but as your question is not very constructive/definitive, I'm trying to add some missing points.

why we use "drupal form" Although we can doing every thing by "HTML forms" ?

There is no such thing "Drupal forms". They still use same <input>, <select>, etc tags and everything is still HTML. But modules are given the chance to alter the form without messing up with HTML.

Here is a normal Drupal form:

 $form['text'] = array(
    '#type' => 'textfield',
    '#maxlength' => 120, 
    '#title' => t('Name'),
 );

This is just a PHP array, and if you want to modify the maxlength, you can easily do so. What if it was <input name="text" maxlength="120" /> ? If a specific module wanted to change it, you have to use some sort of regex to do that.

Also, forms generated by Drupal Form API can have *extra** validate functions, as well as submit functions.

**extra:* As per above example, you don't need to validate that the text length is not more than 120. Someone can edit the HTML and send 200 chars for this field, but form API can refuse it. Form API can do basic validations such as making sure that required fields are filled, maxlength is not exceeded, the request is CSRF safe, select list's value is actually in the allowed list, etc.

If you insist you need to use raw HTML forms, you have to add your own form tokens, caches, data validators, etc. When you are done, you will figure out that it's already done and given the name "Form API".