PHP #2: GET and POST
If you’re new to PHP make sure you to go back and read the first part of this tutorial before continuing.
In this tutorial we are going to learn about how to get data from an HTML form (inputted by a user) so that we can use that data in a PHP script.
There are two methods of getting data from HTML forms. If you have browsed the web for any length of time before, you probably have seen the results of these methods in action.
The GET Method
When you see a URL that has a bunch of text and question marks and equal signs after the actual name of the file, they are using the GET method. For example when you type in something on google and search you get a url like http://www.google.com/search?hl=en&q=AtomicPages+Hosting; that’s because they are using the GET method. The part before the ? is the normal url to the page, but the part after that is actually passing data. Each piece of data is made up of the name of the piece of data and the data itself (the value), separated by an equals sign. Each pair of name and value pair is separated by an ampersand. In the page http://www.google.com/search?hl=en&q=AtomicPages+Hosting there are 2 name/value pairs:
The first is named hl and has the value en. In google’s case, they use this value to specify to the page which language you are searching in. en stands for english. If you leave that URL exactly as it is, except change it to say hl=fr, you’ll notice google will change to french.
The second name/value pair is called q and has a value of AtomicPages+Hosting. This name/value pair is letting the page know what you typed in in the search box on the previous page, so that this page can display the results for that search.
Let’s do our own example of the GET method. We will first make a simple HTML page called yourname.html containing just an ordinary HTML form.
<html> <head> <title>Your Name</title> </head> <body> <form method="get" action="yourname_processor.php">; Enter your First Name: <input type="text" name="fname" /> <br /> Enter your Last Name: <input type="text" name="lname" /> <br />; <input type="submit" name="submit" value="Submit" />; </form> </body> </html>
Notice the method attribute of the form tag. We set it to get so that the browser knows the use the GET method. We also set the action to yourname_processor.php which will be the page that gets passed the input data that will we create next. The browser will use the value of the name attribute in the input tags to name each input value. So if somebody fills out this form with John as the first name and Smith as the last name, and presses the submit button they will be moved to a url that looks something like this: http://www.example.com/yourname_processor.php?fname=John&lname=Smith
In PHP you can get the value of variables submitted to the page with the GET method by using the name from the url, like so:
Let’s now make yourname_processor.php so that it displays the person’s name that they entered in yourname.html.
<html> <head> <title>Your Name</title> </head> <body> <?php $firstname = $_GET['fname']; $lastname = $_GET['lname']; print "Your name is $firstname $lastname"; ?> </body> </html>
This code takes the values from the get method and set’s them to variables called $firstname and $lastname. Then it prints out these variables in a string, as we learned how to do in the previous tutorial
The POST Method
The code for the post method will look almost exactly the same as the GET. The big difference is that in the POST method, the passed data won’t be displayed in the URL. The data is passed secretly. Let’s make the same example again using the POST method.
yourname.html would look like this:
<html> <head> <title>Your Name</title> </head> <body> <form method="post" action="yourname_processor.php"> Enter your First Name:<input type="text" name="fname" /><br /> Enter your Last Name:<input type="text" name="lname" /><br /> <input type="submit" name="submit" value="Submit" /> </form> </body> </html>
And yourname_processor.php would look like this:
<html> <head> <title>Your Name</title> </head> <body> <?php $firstname = $_POST['fname']; $lastname = $_POST['lname']; print "Your name is $firstname $lastname"; ?> </body> </html>
Unlike with GET, when you click the submit button on yourname.html you will be redirected to the exact same URL everytime, no matter what you entered. The URL will always look like this http://www.example.com/yourname_processor.php with no name/value pairs on the end. If you have ever pressed a back button on your browser and received a message that says something like “This page contains POST data, would you like to send the POST data again?” This is because along with just sending you to this url, some data was also sent through the POST method.
GET vs. POST
There are pros and cons to both and they are both better to use in certain situations. With GET method, the URL will be linkable and the data will be retained if somebody links you to the page. With POST, if you try to link somebody to the page, the POST data won’t come with the link.
With POST however, data is kept more secure. If you had somebody enter in a password, you would definitely want to use POST so that the password isn’t visible in the URL of the next page.