The traditional approach (and why it's hard)
The old way to connect an HTML form to a database looks like this:
HTML Form → PHP script → MySQL INSERT → redirectThis requires:
- A PHP runtime (or Node.js, Python, Ruby) on your server
- Database credentials stored on the server
- SQL injection protection (prepared statements)
- Connection pooling and error handling
- Schema design and migrations
- Backup and retention policy
- A way to view and export the stored data
That's a lot of infrastructure for a contact form. And if you're on a static host (Vercel, Netlify, GitHub Pages), you don't have a server runtime at all.
Approach 1: Hosted form backend with built-in database
The simplest path. splitforms stores every submission in its own database layer — you get a searchable dashboard, CSV export, API access, and webhook delivery. No database to manage.
<form action="https://splitforms.com/api/submit" method="POST">
<input type="hidden" name="access_key" value="YOUR_ACCESS_KEY" />
<input type="hidden" name="subject" value="New submission" />
<input type="hidden" name="redirect" value="https://yoursite.com/thanks" />
<input name="name" required />
<input name="email" type="email" required />
<input name="company" />
<select name="plan">
<option>Starter</option>
<option>Pro</option>
<option>Enterprise</option>
</select>
<textarea name="message"></textarea>
<input name="botcheck" type="checkbox" style="display:none" tabindex="-1" />
<button type="submit">Submit</button>
</form>Every field in your form is automatically stored. The dashboard lets you search, filter, tag, and export submissions. You also get:
- Email notifications — each submission arrives in your inbox
- Spam filtering — AI classifier + honeypot, no CAPTCHA needed
- Webhooks — forward each submission to your own API
- GDPR compliance — encrypted at rest, configurable retention
- API access — pull submissions via REST API with your API key
Cost: Free for 500 submissions/month. Starter at $1/month, Pro at $5/month.
Approach 2: Webhook → your own database
You want submissions in your database (PostgreSQL, MySQL, MongoDB). Use splitforms as the front-end receiver, then forward each submission via webhook to your API.
// Your server: POST /api/webhook
import express from 'express';
import { Pool } from 'pg';
const app = express();
app.use(express.json());
const pool = new Pool({ connectionString: process.env.DATABASE_URL });
app.post('/api/webhook', async (req, res) => {
// Verify the splitforms webhook signature
const signature = req.headers['x-splitforms-signature'];
// ... verify HMAC ...
const { data } = req.body;
await pool.query(
'INSERT INTO submissions (name, email, company, plan, message, created_at) VALUES ($1, $2, $3, $4, $5, NOW())',
[data.name, data.email, data.company, data.plan, data.message]
);
res.json({ ok: true });
});
app.listen(3000);Configure the webhook URL in your splitforms dashboard. Every submission — after spam filtering — is POSTed to your endpoint with an HMAC signature for verification.
This gives you the best of both worlds: splitforms handles form receiving, spam filtering, and email notifications, while your database becomes the system of record.
Approach 3: Serverless function → database
You want to own the entire pipeline. Write a serverless function that receives the form POST and inserts directly into your database.
// Vercel Route Handler: app/api/submit/route.ts
import { Pool } from '@neondatabase/serverless';
const pool = new Pool({ connectionString: process.env.DATABASE_URL });
export async function POST(req: Request) {
const data = await req.formData();
// Honeypot check
if (data.get('botcheck')) return new Response('OK');
const name = String(data.get('name') ?? '');
const email = String(data.get('email') ?? '');
const message = String(data.get('message') ?? '');
// Insert into PostgreSQL
await pool.query(
'INSERT INTO submissions (name, email, message, created_at) VALUES ($1, $2, $3, NOW())',
[name, email, message]
);
return Response.redirect(new URL('/thanks', req.url), 303);
}Pair this with Neon, Supabase, PlanetScale, or any hosted PostgreSQL/MySQL provider. You own the schema, the data, and the retention policy.
Downside:you're responsible for spam filtering, email notifications, CORS, rate limiting, and error handling. That's why most developers use Approach 1 or 2.
Syncing form data to popular databases
If you're using splitforms with webhooks, here's how to connect to common databases and storage tools:
- PostgreSQL / MySQL — serverless function inserts rows via webhook
- MongoDB — insert documents with Mongoose or the native driver
- Airtable — native one-click OAuth connect, or POST to the Airtable REST API via webhook for custom mapping. See our Airtable integration guide.
- Google Sheets — native one-click OAuth connect, no Apps Script required. See our Google Sheets guide.
- Notion — native one-click OAuth connect, or create database items via the Notion API for custom mapping. See our Notion integration guide.
- HubSpot / Salesforce / Pipedrive — create contacts/deals via CRM API webhooks
Security best practices
- Never expose database credentials in client-side code. Always proxy through a server or serverless function.
- Use parameterized queries to prevent SQL injection. Never concatenate user input into SQL strings.
- Validate and sanitize all input on the server side, not just in the browser.
- Rate-limit submissions by IP to prevent flooding.
- Encrypt sensitive data before storing. Don't store credit card numbers in form submissions.
- Define a retention policy. Delete submissions after a set period to comply with GDPR.
Frequently asked questions
How do I connect an HTML form to a database without PHP?
Use a hosted form backend like splitforms. Point your form's action to https://splitforms.com/api/submit with your access key. Submissions are stored in a searchable database with a dashboard, CSV export, webhook delivery, and email notifications — no server-side code required.
Can I save HTML form data directly to MySQL?
Yes, but you need a server-side layer (Node.js, Python, PHP) between the form and MySQL. Never expose database credentials in client-side HTML. The safest pattern is to use a hosted backend that stores submissions and provides an API for retrieval, or to proxy through a serverless function.
What database does splitforms use to store form submissions?
splitforms operates its own database layer. Every submission is stored with full metadata (timestamp, IP, user agent, spam score), searchable in the dashboard, exportable as CSV, and deliverable via signed webhooks to your own database (PostgreSQL, MySQL, MongoDB, Airtable, Google Sheets, etc.).
How do I send form data to Google Sheets instead of a database?
splitforms has a native Google Sheets integration — connect it once from Dashboard → Integrations → Google Sheets and every submission appends as a new row automatically, no webhook or Apps Script required. See our Google Sheets integration guide for step-by-step setup.
Is it safe to store form submissions in a database?
Yes, as long as you follow basic practices: encrypt data at rest, use HTTPS for transmission, implement access controls, and define a data retention policy. splitforms handles all of this by default — GDPR-compliant storage, encrypted at rest, with configurable retention windows.
Start collecting form data today
Keep reading
- How to send form data to an API
- Store form submissions in Google Sheets
- Send form submissions to Airtable
- Send form data to a webhook
- Sign up for free — 500 submissions/month with database storage included.