Blog

Accessing form data with $_GET, $_POST, $_REQUEST

In PHP programming, form data information sent via HTML forms is accessed and managed using the superglobal PHP variables $_GET, $_POST, and $_REQUEST. These superglobals represent arrays of data in a PHP program. They store, retrieve, and process form data sent via multiple methods, such as GET, POST, or both, in the current PHP program.

So, let’s explore the $_GET, $_POST, and $_REQUEST methods in PHP programming.

$_GET method in PHP.

In PHP programming, the $_GET form method is used to retrieve or receive webpage form data sent via the GET method. Here, the GET method adds the form data to the URL as query parameters.

When to use the GET method in forms.

When using the “GET” method in a PHP program, the form data is sent via a URL, such as a search query, or data filtering options.

Limitations of the PHP GET method.

In PHP programming, the $_GET method sends data that is previewed in the web browser URL. Therefore, the GET method should not be used to send sensitive form data and information, such as user passwords and confidential data.

Example of using the $_GET method in PHP.

Explanation of the GET method in HTML forms.

<form action=”get_example.php” method=”GET”>

<label for=”empname”>Employee Name</label>

<input type=”text” id=”empname” name=”empname”>

<br>

<label for=”address”>Employee Address</label>

<input type=”text” id=”address” address=”address”>

<br>

<input type=”submit” value=”Submit”>

</form>

Get Method PHP Code (get_example.php).

<?php

if (isset($_GET[’employee name’])) {

$name = $_GET[’employee name’];

echo “welcome, ” . htmlspecialchars($employeename) . ,

}

?>

$_GET method in PHP explanation.

After submitting an online form to an HTML webpage, the form data information will be added to the URL. For example, here, http://example.com/get_example.php?employeename=Harry.

The form get method will contain the manually submitted form value of Harry in $_GET[’employeename’].

$_POST Method in PHP.

In PHP programming, $_POST is used to retrieve or receive form data information sent via the POST method. The POST method sends the form data in the HTTP request body, and the form data sent via the POST method is not displayed as a preview in the URL.

When to use the POST method in PHP.

The $_POST method in PHP programming is used when the “POST” form method is used in a webpage form, and the sent form data information needs to be hidden. For example, the POST method can be used for secure and confidential information, such as secure user passwords or large-volume data information.

Limitations of the POST method in PHP.

The form data sent with the POST method is not previewed in the webpage browser URL, and there is generally no size limit for form data submission.

Example of using $_POST in PHP.

HTML form POST method explanation.

<form action=”post_example.php” method=”POST”>

<label for=”empname”>Employee Name</label>

<input type=”text” id=”empname” name=”empname”>

<br>

<label for=”email”>Employee Email </label>

<input type=”email” id=”employeeemail” name=”employeeemail” required>

<br>

<input type=”submit” value=”Submit”>

</form>

POST Method PHP Code (post_example.php).

<?php

if (isset($_POST[’employeeemail’])) {

$email = $_POST[’employeeemail’];

echo “Enter your email – ” . htmlspecialchars($employeeemail);

}

?>

$_POST in PHP Explanation.

After submitting a form to a webpage using the POST method, the form data will be sent in the request body. Since this is a secure method, the sent data will not be previewed in the URL.

Here, $_POST[’employeeemail’] will contain the email value submitted in the form, e.g., harry@domain.com.

$_REQUEST Method in PHP

The $_REQUEST method is a universal array method in PHP programming. The request method contains data information from both GET and POST form methods. Here, the request method adds form data sent to the form via GET, POST, or a webpage cookie.

When to Use the $_REQUEST Method in PHP?

The request method is a common method in PHP programming when a user wants to access the requested form data information, whether using the GET or POST form method. For better results, it’s best practice to explicitly define $_GET or $_POST in a form, as this indicates to the web browser which method the sent form data is using.

Example of $_REQUEST usage in PHP.

HTML form (GET or POST method).

<form action=”request_example.php” method=”POST”>

<label for=”empname”>Employee Name </label>

<input type=”text” id=”empname” name=”empname”>

<br>

<input type=”submit” value=”Submit”>

</form>

PHP Code Request Method (request_example.php).

<?php

if (isset($_REQUEST[’empname’])) {

$empname = $_REQUEST[’empname’];

echo “enter username ” . htmlspecialchars($empname);

}

?>

$_REQUEST Method in PHP Explanation.

In the form request method, whether the form data information is submitted via the GET or POST method, $_REQUEST[’empname’] will contain the submitted username value.

Remember, the data sent in $_REQUEST in the form can also be in cookie format, making this a less specific method than the $_GET or $_POST form methods.

Form data validation and sanitization in PHP.

In PHP programming, when accessing form data information through the $_GET, $_POST, or $_REQUEST form methods, it is extremely important to validate and sanitize user input to avoid security risks such as SQL injection and XSS attacks.

• Sanitize – This removes unwanted or dangerous characters in the send/receive form data method.
• Validate – This ensures that the send/receive form data is in the proper format, such as email address, number, etc.

Example of form data validation and sanitization in PHP.

<?php

if (isset($_POST[’empemail’])) {

// Here it starts the process to sanitize input to remove unwanted characters from email

$empemail = filter_var($_POST[’empemail’], FILTER_SANITIZE_EMAIL);

// Validate email format accordingly

if (filter_var($empemail, FILTER_VALIDATE_EMAIL)) {

echo “correct employee email: ” . htmlspecialchars($empemail);

} else {

echo “incorrect employee email format.”;

}

}

?>

Form data validation and sanitization explanation in PHP.

• filter_var() – method here is a powerful built-in function for sanitizing and validating form data.
• FILTER_SANITIZE_EMAIL – This function removes unwanted or dangerous characters from email addresses.
• FILTER_VALIDATE_EMAIL – This function validates form data to ensure that the string entered in the form is a valid email address.

Best practices for managing form get, post, and request methods in PHP.

• Use $_POST for sensitive data – Always use the POST form method to hide secure data information, such as passwords or other sensitive form data, in forms.
• Use $_GET for non-sensitive data – The GET method is ideal for search queries or data filtering parameters in webpage forms, where form or user data is previewed or displayed in a universal format, and is not designed to modify web server state.
• Sanitize and validate input – Always sanitize and validate user input in the GET, POST, and REQUEST form methods in webpage forms to avoid security vulnerabilities.
• Avoid using $_REQUEST – In PHP programming, $_REQUEST can receive data from both GET and POST form methods. The REQUEST form method is less clear and can sometimes behave abnormally when submitting form data. Therefore, using the $_GET and $_POST form methods directly in the form is a better option.

Key Differences among $_GET, $_POST, and $_REQUEST form method

A summary of the $_GET, $_POST, and $_REQUEST methods in PHP programming.

• $_GET method – In PHP programming, it is used to receive data from a form sent via the GET form method. In the GET method, the form data is previewed or displayed in a URL.
• $_POST method – In PHP programming, it is used to receive data from a form sent via the POST method in a webpage. In the POST method, the sent form data is not previewed in the URL.
• $_REQUEST method – The request form method is a more common form method in PHP programming, which adds data from both GET, POST and cookies form methods.