Free Online Courses for Software Developers - MrBool
× Please, log in to give us a feedback. Click here to login
×

You must be logged to download. Click here to login

×

MrBool is totally free and you can help us to help the Developers Community around the world

Yes, I'd like to help the MrBool and the Developers Community before download

No, I'd like to download without make the donation

×

MrBool is totally free and you can help us to help the Developers Community around the world

Yes, I'd like to help the MrBool and the Developers Community before download

No, I'd like to download without make the donation

PHP GET and POST

In this article we will talk about two pre-defined variables in php. We will talk about the $_GET and $_POST methods.

$_POST Method

First of all I would like to define literary Why Should we use these two Things that what is pre-defined Variables and why we use them. So Basically Pre defined Variable are used to get the Data from Forms or Other Web Pages. For this you have to design a simple web page where we will use these both pre-defined Variables. Let’s start it Here is Below Coding.

Listing 1: Using Post Method

<html>

<Head>

<Title> Predefined Variable </title>

<Head>

<form action="welcome.php" method="POST">
ID<input type="text" name="ID"><br>
Password<input type="password" name="pass"><br>
<input type="submit" value="login">
</body>
</html>
Listing 1 Using Post Method

Figure 1: Listing 1 Using Post Method

In the above Coding we Used Post Method after implementing Post method I will use GET method so first we will discuss Post method actually In above coding first of all we make a simple Html Blocks then we make two Inputs Methods first for ID and second for Password remember I am going to create a simple Login Web page and as we know our whole coding dependent inside the Body then inside the body we create a form and inside form we used two things first one is Action and second one is Method lets discuss First Action why we will use action there ? Action means to which web-page you want to send the data From using the same web page you are using like above I am using practise.html then from this web page we can able to send the data using Action.

Methods

Now 2nd thing is What is method and why we used method there? Method means that as this article biased on two Predefined Variable so Method should be $_POST and $_GET so first we will implement POST then we will implement GET Method. Remember You have Xamp Control Panel Local Server Installed in your PC to Access Local host otherwise you can’t do all of these things if you are not using Xampp or wamp Local server then your all stuff will be wasted so if you have Xamp then you able to access and after the above coding go to C Local Drive and from there go to the Xamp folder and then Inside the Htdocs folder save this coding with any name along with extension.html like I saved this file with practise.html lets access go to your Browses from there type.

Localhost/practise.html remember practise.html is the name of file you can save this with any name then after localhost/type here your desired name then as we know above coding is about to login form then below is our Login form created !

Resulting of listing 1

Figure 2: Resulting of listing 1

So it looks good now let’s Design it open your new page and start your PHP blocks.

Listing 2: Declaring Variable Using Post Method

<?PHP

$Username = $_POST ['ID'];

echo "your Username is:MR.".$Username;

?>
 Listing 2 Declaring Variable Using Post Method

Figure 3: Listing 2 Declaring Variable Using Post Method

So here in this coding first we start PHP Blokes remember we can star PHP Blocks with <? And also <?PHP both are same and ends with?> so here also we used Post method because still we are working on Post then we will move towards the GET method. So here I am declaring a variable and I am assign POST method there in brackets we will write the name of ID tag that we used in Practise. HTML so that’s why I used ID then used terminator sign, remember if you want to use the Dot operator in 3rd line then Cont continuation operator here it will work but if you forget to use it here so it’s not a problem because here it will work. There are many things in PHP Programming about Using of variables for the Execution in Web Browser. Let’s Access it in our local host server.

Resulting of listing 3

Figure 4: Resulting of listing 3

As you can see there The Post Method Which we used there. It sends or Transfer the data to Welcome.PHP and this is predefined variable which gets all the data from the sending web-page and you can see the output on your screen one thing more the Post Method is not a part of our URL HTTP. It is fully secure. If you pres the Login Button you can’t see that how our data has come there so this is the most Important thing to used post method there.

$_GET Method:

Now we will Discuss the second Predefined Variable Which is GET so in the above coding we will literally Change just Where we use POST so now instead of POST we will replace POST by GET method in our both pages practise.html and Welcome.php.

Result of listing 5

Figure 5: Result of listing 5

Now you see that the execution of data is same But One thing more you saw there that is localhost/welcome.php?!ID=imran+Khan&pass=buitemsce so its mean that the using of GET method is not secure so you should avoid to use GET Method because when you are transferring your personal data/private data so you should avoid to use GET method. GET method is a part of your URL HTTP that’s why it’s not secure your personal and private data from one page towards the another page. We have some of more examples of $_Post [ ] and $_Get [ ] for more understand.

Get & Post Methods:

Listing 3: Using Get Method


<form action="signin.php" method="get">
First Name: <input type="text" name="imran" />
Last Name: <input type="text" name="khanjaffar" />
<input
Type="submit" />
</form>

Once the submit button is pressed by the user, the form will collect the values & send them along with the url. You'll end up with something like this: www.example.co......&Lname=smith

The signing page will actually "Get" the values from the url.

Since the information sent from a form with the GET method will be displayed in the browser's address bar, it is visible to everyone.

It also has limits on the amount of information to send. Its max is 100 characters.

The $_GET variable is an array of variable names and values sent by the HTTP GET method.

Using our example from above, $_GET would contain the following:

Listing 4: Using Php Blocks


<?php
If (isset ($_GET ['Fname'])) {
$Fname=$_GET ['Fname'];
}
Else {
echo "Fname was not set in the form\n";
}
if (isset($_GET['Fname'])) {
$Fname=$_GET ['Fname'];
}
Else if {
Echo "Fname was not set in the form\n";
}
?>

Now come to Post Method Example. The Post method is used to send values from a form.

Listing 5: Post method example


<form action="signin.php" method="post">
First Name: <input type="text" name="Fname" />
Last Name: <input type="text" name="Lname" />
<input type="submit" />
</form>

Once the submit button is pressed by the user, the form will collect the values & send them invisible to others.

As well, the Post method has no limits on the amount of information to send.

In our example above, the signing page will actually have the values posted, invisible to any user. The $_POST variable catches the form data, & the values can be retrieved using the following:

Listing 6: Sending Values to the form


<?php
If (isset ($_Post [‘Fname’])){
$Fname=$_Post [‘Fname’];
}
Else {
Echo “Fname was not set in the form\n”;
}
if(isset($_POST['Lname'])) {
$Lname=$_POST ['Lname'];
}
Else {
echo "Lname was not set in the form\n";
}
?>

Security:

It is important to note that you never want to directly work with the $_GET & $_POST values. Always send their value to a local variable, & work with it there. There are several security implications involved with the values when you directly access (or output) $_GET & $_POST.

Security Tip:

Strip the HTML & PHP content. This can be done easily with the strip tags() command. The strip tags () command simply removes HTML and PHP tags from a string, & returns only its true text value. The reason for this is simple. You don't want someone to input PHP code that will execute when your script fires off. For example:

Listing 7: Return only True Values



<?php
If (isset ($_POST ['Fname'])) {
$Fname=$_POST ['Fname'];
}
Else {
Echo "Fname was not set in the form\n";
}
If (isset ($_POST ['Lname'])) {
$Lname=$_POST ['Lname'];
}
Else {
Echo "Lname was not set in the form\n";
}
if(isset($Fname)) {
Echo strip tags ($Fname)”was passed from the form\n";
}
?>

This works for most cases, but there are also ways of outputting the HTML code without allowing it to execute.

Security Tip 2: Don't trust the $_GET content

Rather than taking the user for their word, actually test the contents of $_GET before using it. A good example of this would be parsing the contents through a switch/case. In a situation where you might be uploading (or loading) a file:

Listing 8: Using Get Method


<?php	
If (isset ($_GET ['file'])) {
$Fname=$_GET ['file'];
Switch ($_GET ['file']) {
Case "home.html":
$file = "home.html";
Break;
Case "main.html":
$file = "main.html";
Break;
}
Fopen ($file,"r") {
}
}
?>

This is also safe practice when running system commands.

Listing 9: Using PHP Blocks in Post Method


<?php
If (isSet ($_POST ['host'])) {
System ("ping “. $_POST ['host]);
}
?>

Overview:

Since the Get method posts values in the URL, it should never be used when sending passwords or other sensitive information.

On the other hand, because the variables are displayed in the URL, it is possible to bookmark the page. With Post however, the variables are not displayed in the URL, making it impossible possible to bookmark the page. Unlike Get, with Post your variables have no length limit.

Conclusion:

In this Article we had discussed about the pre-defined variables of PHP which is $_POST and $_GET also we had discussed which is appropriate and secured while which one is not secured we had discussed these methods with practically examples so at the end now we better know that $_GET is a part of HTTP while $_POST is not a part of your HTTP so we can say that POST method is secured for personal usage while GET is not secured as it is part of your http so that’s why GET is not secured.



Software developer from Karachi, Pakistan. Freelancer writer for web developent and web design.

What did you think of this post?
Services
[Close]
To have full access to this post (or download the associated files) you must have MrBool Credits.

  See the prices for this post in Mr.Bool Credits System below:

Individually – in this case the price for this post is US$ 0,00 (Buy it now)
in this case you will buy only this video by paying the full price with no discount.

Package of 10 credits - in this case the price for this post is US$ 0,00
This subscription is ideal if you want to download few videos. In this plan you will receive a discount of 50% in each video. Subscribe for this package!

Package of 50 credits – in this case the price for this post is US$ 0,00
This subscription is ideal if you want to download several videos. In this plan you will receive a discount of 83% in each video. Subscribe for this package!


> More info about MrBool Credits
[Close]
You must be logged to download.

Click here to login