Methods of sending data

In addition to common variables, we also have so-called superglobal variables in PHP that carry information about the currently called page and the data we pass.

Typically, we have a form on the page where the user fills in anything and we want to transfer this data to a web server where we process it in PHP.

The most commonly used methods.

GET ~ data is passed in the URL as parameters

POST ~ data travels covertly along with the page request

Ajax POST ~ asynchronous javascript processing

GET Method - $ _GET

Data sent by the GET method can be seen in the URL address (as parameters after the question mark), the maximum length in Internet Explorer is 1024 characters (other browsers do not limit it, but larger texts should not be passed this way). The advantage of this method is mainly in simplicity (you see what you are sending) and in the possibility to link to the result of processing. The data is sent to a variable.

The address of the receiving page might look like this:

https://____________.com/script.php?variable=content&variable2=content

In PHP, for example, we can list the value of the variable parameter as follows:

echo $_GET['variable'];	// prints "content"

Warning: This method of writing data directly to the HTML page is not safe, because we can, for example, transmit HTML code in the URL that would be written to the page and then executed.

Data must always be treated before any dump to the page, using the htmlspecialchars () function.

For example: echo htmlspecialchars ($ _ GET ['variable']);

POST method - $ _POST

Data sent by the POST method is not visible in the URL address, which solves the problem of maximum length of sent data. We should always submit form fields using the POST method to ensure that passwords are not seen, for example, and that a link to a page that results in a particular entry is not processed.

The data is available in $ _POST and is the same as the GET method.

Verify the existence of the sent data

Before processing any data, we should first verify that the data was actually sent, otherwise we would access a non-existent variable, which would throw an error message.

isset () function is used to verify the existence of a variable.

if (isset($_GET['name'])) {
	echo 'Your name: ' . htmlspecialchars($_GET['name']);
} else {
	echo 'No name entered.';
}

Form to insert data

The form is made in HTML, not in PHP. It can also be on an ordinary HTML page. All "magic" takes care of PHP script, which receives the data.

As an example, we can use the form for receiving 2 numbers sent by the GET method:

<form action="script.php" method="get"> 
	First number: <input type="text" name="x">
	Second number: <input type="text" name="y"> 
	
	<input type="submit" value="Add numbers"> 
</form>

The first line shows where the data will be sent and by what method.

On the next 2 lines are simple form elements, notice the attribute name = "", there is written the name of the variable, which substitutes what is now in the form.

Next, there is a submit button (required) and an HTML exit tag of the form (required for the browser to know what to send and what is not).

We can have any number of forms on a single page and cannot be plunged into each other. If a plunge occurs, it is always sent the most plunged and the rest is ignored.

Processing the form on the server

Now we have finished HTML form and send it to script.php, which receives data using GET method. The page request URL might look like this:

https://________.com/script.php?x=5&y=3

script.php

$x = $_GET['x'];	// 5
$y = $_GET['y'];	// 3

echo $x + $y;		// prints 8

First, we should verify that both form fields have been filled, this is done by the isset () function:

if (isset($_GET['x']) && isset($_GET['y'])) {
	$x = $_GET['x'];	// 5
	$y = $_GET['y'];	// 3

	echo $x + $y;		// prints 8
} else {
	echo 'The form was not filled correctly.';
}

TIP: You can pass multiple parameters to an isset () construct to verify that they all exist. Therefore, instead of isset ($ _ GET ['x']) && isset ($ _ GET ['y']), you can specify only: isset ($ _GET ['x'], $ _GET ')

Processing of data received by the POST method

If we accept data using the POST method, the URL of the processing script will always look like this:

https://________.com/script.php

And never otherwise. Just no. The data is hidden in the HTTP request and cannot be seen.

Hidden by the POST method, you need to send username and password for security.

Warning: If you are working with passwords on the site, both the login and registration form should be located on HTTPS and you must havehed the passwords accordingly (for example, with BCrypt).

Processing ajax requests

In some cases, when processing ajax requests, it may not be easy to get the data. The reason is that ajax libraries usually send data as json payload, while the superglobal variable $ _POST contains only form data.

Previous chapter (Orientation in Code) Next chapter (Include (folding pages from pieces))

Back to Learn PHP main menu