PHP GET and POST Functions

Understanding the $_POST

Let's start with $_POST. Ideally you should use $_POST when:

1. You need to pass the values submitted by a user in your web form to a server side script.
2. You need the form submitted to be hidden and not to be shown in the URL (in the browser address bar).
3. You are using the HTTP POST method when submitting the web form. The value passed by HTTP POST will appear in the headers.
4. You need to submit a large amount of information (such as text) to the server for processing.

In their most basic form, PHP web forms take two elements. The first is the HTML web form asking for  user input. The second is the processing script that retrieves the posted values to the server. This is where you will be using $_POST to retrieve these values.

Basic code example:

This is the web form HTML code (basicpost.php):

<html>
<head>
<title>Basic Application for PHP $_POST</title>
</head>
<body>
<form action="processor.php" method="post">
Please enter your name: <input name="yourname" type="text" />
<input type="submit" name="submit" value="Submit your name">
</form>
</body>
</html>

The web form code above states that when the form is submitted, the processing of the web form posted values will be done by a script named “processor.php”. It also shows that the method of form submission is using the HTTP POST method. This is the code of processor.php:

<?php
//This is the script of processor.php

//retrieve name from the web form which is submitted using HTTP POST Method
$name= $_POST['yourname'];

//Output the name back to the browser
echo "Your name is $name.";

?>

By placing both files (basicpost.php and processor.php) in the same folder of your test server, you can actually run this form. First, it asks for your name. After typing your name and pressing the “Submit your name” button the value of the “yourname” textbox will be submitted to processor.php. Since webform.php is using HTTP POST, it should  be retrieved using $_POST variable, example:

$name= $_POST['yourname'];

Echo command will display it back to the browser (ie; “Your name is Codex M”). You might observe that after form submission, you will no longer see your name displayed in the URL.

IMPORTANT: DO NOT USE THE ABOVE SAMPLE CODE IN YOUR PHP APPLICATIONS. The purpose is just to show an entry/beginner level example on the use of $_POST in a web form. The primary reason is that the above script is NOT SECURE for practical use. Security when using these variables will be discussed later in this tutorial.

Why is $_POST a global variable? A global variable is one that you can use and re-use throughout your PHP script even inside a function. For example:

<?php
$x = 1;
function testing()
{
echo $x;
}
testing();
?>

In the above example, $x is NOT a global variable. When used inside function testing(), it won't carry its value, which is 1. When the above code runs, it won't output 1 to the browser. To make the above variable attain a global scope. You need to declare it as “global”:

<?php
$x = 1;
function testing()
{
//Define $x to be a global variable
global $x;
echo $x;
}
testing();
?>

The above code now outputs 1, because $x value can be used and re-used throughout the script, it's now a global variable. $_POST is a global variable. There is no need to define $_POST as global. This makes it very convenient for programmers to retrieve the value $_POST anywhere in the script as needed. However since it's global it also introduces a lot of security related issues. More of this will be discussed later.

Why is $_POST an associated array variable? If you are familiar with an array variable then you might know that to retrieve the value of the array, you should use square brackets such as:

<?php
//Define array and assign value to it
$this_is_an_array = array("Codex Meridian"=> "DevShed.com");

//Dump the values contained in the associative array

var_dump($this_is_an_array);

//Retrieved the associated pair value for Codex Meridian and output to browser

echo $this_is_an_array['Codex Meridian'];
?>

The browser output of this var_dump is:

array(1) {
["Codex Meridian"]=> string(11) "DevShed.com"
}

This means that “Codex Meridian” has a pair value of “DevShed.com”. Now when this is accessed using:

echo $this_is_an_array['Codex Meridian'];

The output is “DevShed.com” in the browser. Same thing with $_POST. Supposing you will dump the output of the above basic $_POST example:

<?php
$name= $_POST['yourname'];
//Dump the value of $_POST variable
var_dump($_POST);
?>

This is the output of the var_dump (supposing you will enter “John Doe” as name:

array(2) {
["yourname"]=>string(8) "John Doe"
["submit"]=>string(16) "Submit your name"
}

The above var_dump of $_POST shows that it is indeed an associative array variable.