PHP Variables $_GET and $_POST4 min read

There are two methods for sending data from the client browser to the web server:

  • GET method
  • POST method

The data sent is stored in PHP variables $ _GET and $ _POST which are part of the global variables and can be called anywhere in a PHP code. The two variables $ _GET and $ _POST are used to read the information sent in an array from the HTML code with the get and post methods and captured by the PHP server. In other words, the variables $ _GET and $ _POST allow the pages to communicate with each other.

The HTML page below contains an HTML form with input elements of different types: text, password, checkbox, radio, select … When the user fills these elements and clicks on the submit button, the data will be transferred to the destination file “example.php” specified in the action attribute of the form element.

The following image represents an example of an HTML form with the GET method and the result captured by the PHP page.

GET method

The GET method sends the encoded information to the destination page. The page and the encoded information are separated by the ? character.

Let’s take a look at the HTML form below. In the form element, we must specify how we will send the information to the server in the “method” element.

inside the file “page.php”, we used the variable $ _GET to collect the received values (name and city).

After running the code with under the WampServer server, the above result was obtained whose information is visible in the address bar.

  •  GET method produces a long string of characters that appears in the server log and the browser history.
  • The number of characters sent with the GET method is limited to 1024 characters only. So we can not send a long text.
  • Never use the GET method to send sensitive information such as the password or credit card number and code.
  • GET can not send binary data, such as images and documents to the server.
  • The data sent by the GET method is accessible by using the environment variable QUERY_STRING.
  • PHP has a $_GET array to access all information sent with the GET method.
  • GET should only be used to retrieve the information.

POST method

As described above, the GET method is not secure at all, and as a result, it has led PHP developers to develop an efficient solution for sending information without appearing in the address bar. In addition, GET is limited to 1024 characters. So, it is better to send the data of a form using the POST method. The POST method works like the GET method, but is more secure than GET because the values ​​are not visible in the browser address bar and are not saved in the browser history.

To use POST, put the POST keyword in place of GET.

And to collect the information, use the variable $ _POST:

The execution shows that the information is not visible in the address bar:

The benefits of using the POST method:

  • The POST method has no restrictions on the size of the data to be sent.
  • The sent data is not stored in the browser history.
  • POST can be used to send binary data.
  • The data sent by the POST method is passed by the HTTP header so the security depends on the HTTP protocol. By using a secure HTTP you can be certain that your information is protected.
  • PHP has a $ _POST array to access all information sent with the POST method.

$_REQUEST variable

The $ _REQUEST variable contains the contents of $_GET, $_POST, and $_COOKIE. $_REQUEST is useful for receiving data in case it comes from both the $_GET and $_POST methods.

Try the following example in the file “page.php”:




Leave a Comment