Hey there, PHP enthusiast! Today, we're diving into one of the most essential parts of web development—handling form data in PHP using GET & POST. You’ll learn how to collect user input, process it, and avoid common pitfalls. Let's get started with some fun, practical examples!
GET vs. POST: What's the Difference?
GET Method
- Sends data via URL (query parameters)
- Visible in the browser’s address bar
- Ideal for search forms, filtering, and bookmarks
- Not secure for sensitive data (e.g., passwords)
POST Method
- Sends data in the request body (not visible in URL)
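- More secure than GET for sensitive fields, because the data stays out of the URL (it is still sent unencrypted unless the site uses HTTPS)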
- Used for login forms, file uploads, and sensitive actions
Example 1: Using GET to Search
Imagine you’re building a search feature like Google. You pass the query in the URL so users can bookmark it.
HTML Form (search.html)
<form action="search.php" method="get">
<input type="text" name="query" placeholder="Search...">
<button type="submit">Search</button>
</form>
PHP Script (search.php)
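<?php
// Accept only a plain string; ?query[]=x would arrive as an array
if (isset($_GET['query']) && is_string($_GET['query'])) {
    // Escape at output time to prevent XSS
    $query = htmlspecialchars($_GET['query'], ENT_QUOTES, 'UTF-8');
    echo "You searched for: " . $query;
}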
Output: If you search for PHP tutorial, the URL becomes:
http://example.com/search.php?query=PHP+tutorial
Example 2: Using POST for Login
Since GET exposes data in the URL, it’s not safe for handling passwords. Let's use POST instead.
HTML Form (login.html)
<form action="login.php" method="post">
<input type="text" name="username" placeholder="Username">
<input type="password" name="password" placeholder="Password">
<button type="submit">Login</button>
</form>
PHP Script (login.php)
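<?php
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Compare the raw values; escaping belongs at output, not before the check
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    // Demo credentials only; real applications store password_hash() output
    // and check it with password_verify()
    if ($username === "admin" && $password === "1234") {
        echo "Welcome, " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . "!";
    } else {
        echo "Invalid login credentials!";
    }
}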
Output: No sensitive data in the URL! Secure login handling.
Example 3: Contact Form with GET and POST
Let’s build a simple contact form where users can send messages.
HTML Form (contact.html)
<form action="contact.php" method="post">
<input type="text" name="name" placeholder="Your Name">
<input type="email" name="email" placeholder="Your Email">
<textarea name="message" placeholder="Your Message"></textarea>
<button type="submit">Send</button>
</form>
PHP Script (contact.php)
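<?php
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Missing fields become empty strings; every value is escaped for HTML output
    $name = htmlspecialchars($_POST['name'] ?? '', ENT_QUOTES, 'UTF-8');
    $email = htmlspecialchars($_POST['email'] ?? '', ENT_QUOTES, 'UTF-8');
    $message = htmlspecialchars($_POST['message'] ?? '', ENT_QUOTES, 'UTF-8');
    echo "Thank you, $name! We received your message: '$message'";
}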
🔹 Output: The user gets a confirmation message, and no sensitive data is exposed in the URL!
Best Practices
- Always use POST for sensitive data (e.g., passwords, payments).
- Use htmlspecialchars() to prevent XSS attacks.
- Validate & sanitize input to avoid security issues.
- Use GET when sharing URLs (e.g., search queries, filters).
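One way to apply the validation and output-escaping advice above to the contact form from Example 3. This is an added example, not code from the original post; the helper names e() and validate_contact(), the length limits, and the sample submissions are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Escape at output time, for an HTML body or attribute context.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate raw form fields (hypothetical helper). Returns [$clean, $errors].
function validate_contact(array $in): array
{
    $clean = [];
    $errors = [];
    // Field name => maximum length in bytes (assumed limits).
    foreach (['name' => 100, 'email' => 254, 'message' => 2000] as $field => $max) {
        $value = $in[$field] ?? '';
        // A field sent as name[]=x arrives as an array; reject non-strings.
        if (!is_string($value)) {
            $errors[$field] = 'must be text';
            continue;
        }
        $value = trim($value);
        if ($value === '' || strlen($value) > $max) {
            $errors[$field] = "required, at most $max bytes";
            continue;
        }
        $clean[$field] = $value;
    }
    if (isset($clean['email']) && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid address';
        unset($clean['email']);
    }
    return [$clean, $errors];
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['name' => 'Ana', 'email' => 'ana@example.com', 'message' => 'Hi <b>there</b>'],
    ['name' => '<script>alert(1)</script>', 'email' => 'not-an-email', 'message' => ''],
    ['name' => ['x'], 'email' => 'a@example.com', 'message' => 'array in name'],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_contact($post);
    if ($errors) {
        echo 'Rejected fields: ' . e(implode(', ', array_keys($errors))) . "\n";
    } else {
        echo 'Thank you, ' . e($clean['name']) . '! Message: ' . e($clean['message']) . "\n";
    }
}
```

Validation decides whether to accept the raw value, and escaping happens only where the value is written into HTML, so the stored or compared data is never altered by htmlspecialchars().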
Now you’re a GET & POST pro in PHP! You learned:
- GET is for retrieving data (search, filters, bookmarks).
- POST is for secure data submission (logins, payments).
- Secure user input with validation & sanitization.
Keep experimenting, and happy coding!