PHP is a language used for web development, and as such the way to gather use input is through web forms. That being said in this article I am going to discuss how to go about processing input — form data — with PHP.
Types of Input Data — GET & POST
Form data can be submitted to your PHP script either via GET or POST methods. Which method is used is dependent on which of the two is used in the method attribute of the form tag.
When the form data is submitted with a method of GET the data is encoded and appended onto the url of the action attribute of your from. So your form data can be read right from the url after it is submitted. Ultimately the get method is best used for form that have relatively trivial amounts of unimportant data. Keep in mind the data will be visible in the address bar of the browser.
Post method differs in that the data is not transmitted in the URL after being submitted. The submitted data is transferred “behind the scenes” and is for the most part invisible to the user. Post also allows us to transfer more data.
Accessing GET & POST in PHP
Now we know that we have two methods for transferring input to PHP. We first choose which method you prefer to use or fits your situation best.
If your about to use GET, PHP has an easy way to access that data you just transmitted. PHP has a global array in a variable called $_GET that allows us to access data send via the GET method. To access particular pieces of data you use the name attribute of your input, select, or textarea inside your form.
For example accessing the data in from an input field with name of “email”, we would use the following syntax in PHP.
|
1 |
echo $_GET['email']; |
Accessing data that was transmitted via the POST method we would use the $_POST variable in the same manner, and our example would become…
|
1 |
echo $_POST['email']; |
It really is that simple!
Display All Keys and Values
If you wanted to display all the data that was transmitted, you could use the print_r() or var_dump() functions to display a readable output of your array.
|
1 2 3 4 5 |
print_r($_GET);
/* OR */
var_dump($_POST); |
Keep in mind that these varibales are just PHP arrays that are generated by the PHP interpreter when POST or GET data is present.
You can use array functions to check whether a given field was submitted, or a form field hold a particular value. For example…
|
1 2 |
if($_POST['email'] == 'admin@admin.com')
echo 'Welcome Admin!'; |
Word of Caution
Security of scripts on the web is a huge concern for server security and security of data. Using the value submitted via GET and POST without sanitizing or escaping potentially problematic code can cause a huge headache.
Make sure you escape your posted data using functions such as mysql_escpae_string(), trim(), strip_tags(), htmlentities() and possibly str_replace() and other similar functions to prevent “bad” data from being processed by your script and placing your website or server at risk of being victim to injection attacks and other unpleasant experiences.