Lecture 19 Web Systems and Technologies

PHP GET and POST

In this Lesson we‘ll learn about how to send information to the server using HTTP GET and
POST methods and retrieve them using PHP.

Methods of Sending Information to Server

A web browser communicates with the server typically using one of the two HTTP
(Hypertext Transfer Protocol) methods — There are two ways the browser client can send
information to the web server:

 The GET Method

 The POST Method
Both methods pass the information differently and have different advantages and
disadvantages, as described below.

Before the browser sends the information, it encodes it using a scheme called URL encoding.
In this scheme, name/value pairs are joined with equal signs and different pairs are separated
by the ampersand.

name1=value1&name2=value2&name3=value3

Spaces are removed and replaced with the + character and any other non-alphanumeric
characters are replaced with a hexadecimal values. After the information is encoded it is sent
to the server.
The GET Method
The GET method sends the encoded user information appended to the page request. The page
and the encoded information are separated by the ? Character.
http://www.test.com/index.htm?name1=value1&name2=value2
 The GET method produces a long string that appears in your server logs, in the
browser's Location: box.
 The GET method is restricted to send upto 1024 characters only.
 Never use GET method if you have password or other sensitive information to be sent
to the server.
 GET can't be used to send binary data, like images or word documents, to the server.
 The data sent by GET method can be accessed using QUERY_STRING environment
variable.
 The PHP provides $_GET associative array to access all the sent information using
GET method.
Lecture 19 Web Systems and Technologies

In GET method the data is sent as URL parameters that are usually strings of name and value
pairs separated by ampersands (&). In general, a URL with GET data will look like this:

http://www.example.com/action.php?name=john&age=24

The bold parts in the URL are the GET parameters and the italic parts are the value of those
parameters. More than one parameter=value can be embedded in the URL by concatenating
with ampersands (&). One can only send simple text data via GET method.

Advantages and Disadvantages of Using the GET Method

 Since the data sent by the GET method are displayed in the URL, it is possible to
bookmark the page with specific query string values.
 The GET method is not suitable for passing sensitive information such as the username
and password, because these are fully visible in the URL query string as well as
potentially stored in the client browser's memory as a visited page.
 Because the GET method assigns data to a server environment variable, the length of the
URL is limited. So, there is a limitation for the total data to be sent.

PHP provides the super global variable $_GET to access all the information sent either
through the URL or submitted through an HTML form using the method="get".

<?php
if( $_GET["name"] || $_GET["age"] ) {
echo "Welcome ". $_GET['name']. "<br />";
echo "You are ". $_GET['age']. " years old.";
exit();
}
?>
<html><body>
<form action = "<?php $_PHP_SELF ?>" method = "GET">
Name: <input type = "text" name = "name" />
Age: <input type = "text" name = "age" />
<input type = "submit" />
</form>
</body>
</html>
It will produce the following result −
Lecture 19 Web Systems and Technologies

The POST Method

The POST method transfers information via HTTP headers. The information is encoded as
described in case of GET method and put into a header called QUERY_STRING.
 The POST method does not have any restriction on data size to be sent.
 The POST method can be used to send ASCII as well as binary data.
 The data sent by POST method goes through HTTP header so security depends on
HTTP protocol. By using Secure HTTP you can make sure that your information is
secure.
 The PHP provides $_POST associative array to access all the sent information using
POST method.
In POST method the data is sent to the server as a package in a separate communication with
the processing script. Data sent through POST method will not visible in the URL.

Advantages and Disadvantages of Using the POST Method

 It is more secure than GET because user-entered information is never visible in the
URL query string or in the server logs.

 There is a much larger limit on the amount of data that can be passed and one can
send text data as well as binary data (uploading a file) using POST.

 Since the data sent by the POST method is not visible in the URL, so it is not possible
to bookmark the page with specific query.
 Like $_GET, PHP provide another superglobal variable $_POST to access all the
information sent via post method or submitted through an HTML form using
the method="post".

<!DOCTYPE html>
<html lang="en">
<head> <title>Example of PHP POST method</title> </head>
<body>
<?php
if(isset($_POST["name"])){
echo "<p>Hi, " . $_POST["name"] . "</p>";
}
?>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">
<label for="inputName">Name:</label>
<input type="text" name="name" id="inputName">
<input type="submit" value="Submit">
</form>
Lecture 19 Web Systems and Technologies

</body>
It will produce the following result −

The $_REQUEST Variable

PHP provides another superglobal variable $_REQUEST that contains the values of both
the $_GET and $_POST variables as well as the values of the $_COOKIE superglobal
variable.

<!DOCTYPE html>
<html lang="en">
<head> <title>Example of PHP $_REQUEST variable</title> </head>
<body>
<?php if(isset($_REQUEST["name"])){
echo "<p>Hi, " . $_REQUEST["name"] . "</p>";
}
?>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">
<label for="inputName">Name:</label>
<input type="text" name="name" id="inputName">
<input type="submit" value="Submit">
</form>
</body>

Note: The superglobal variables $_GET, $_POST and $_REQUEST are built-in variables
that are always available in all scopes throughout a script.