Home arrow PHP arrow PHP GET and POST Functions

PHP GET and POST Functions

PHP GET and POST are predefined global and associated array variables used for retrieving user submitted information passed using HTTP GET and HTTP POST methods. They are mostly used with PHP web form applications where you need to interact with your user input. This tutorial is a complete guide to using PHP GET and POST functions with illustrative examples and security considerations.

  1. PHP GET and POST Functions
  2. Understanding $_GET in PHP
  3. Best PHP Practices and Security Considerations
By: Codex-M
Rating: starstarstarstarstar / 8
April 20, 2011

print this article



Understanding the $_POST

Let's start with $_POST. Ideally you should use $_POST when:

  1. You need to pass the values submitted by a user in your web form to a server side script.
  2. You need the form submitted to be hidden and not to be shown in the URL (in the browser address bar).
  3. You are using the HTTP POST method when submitting the web form. The value passed by HTTP POST will appear in the headers.
  4. You need to submit a large amount of information (such as text) to the server for processing.

In their most basic form, PHP web forms take two elements. The first is the HTML web form asking for  user input. The second is the processing script that retrieves the posted values to the server. This is where you will be using $_POST to retrieve these values.

Basic code example:

This is the web form HTML code (basicpost.php):

<title>Basic Application for PHP $_POST</title>
<form action="processor.php" method="post">
Please enter your name: <input name="yourname" type="text" />
<input type="submit" name="submit" value="Submit your name">

The web form code above states that when the form is submitted, the processing of the web form posted values will be done by a script named “processor.php”. It also shows that the method of form submission is using the HTTP POST method. This is the code of processor.php:

//This is the script of processor.php

//retrieve name from the web form which is submitted using HTTP POST Method
$name= $_POST['yourname'];

//Output the name back to the browser
echo "Your name is $name.";


By placing both files (basicpost.php and processor.php) in the same folder of your test server, you can actually run this form. First, it asks for your name. After typing your name and pressing the “Submit your name” button the value of the “yourname” textbox will be submitted to processor.php. Since webform.php is using HTTP POST, it should  be retrieved using $_POST variable, example:

$name= $_POST['yourname'];

Echo command will display it back to the browser (ie; “Your name is Codex M”). You might observe that after form submission, you will no longer see your name displayed in the URL.

IMPORTANT: DO NOT USE THE ABOVE SAMPLE CODE IN YOUR PHP APPLICATIONS. The purpose is just to show an entry/beginner level example on the use of $_POST in a web form. The primary reason is that the above script is NOT SECURE for practical use. Security when using these variables will be discussed later in this tutorial.

Why is $_POST a global variable? A global variable is one that you can use and re-use throughout your PHP script even inside a function. For example:

$x = 1;
function testing()
echo $x;

In the above example, $x is NOT a global variable. When used inside function testing(), it won't carry its value, which is 1. When the above code runs, it won't output 1 to the browser. To make the above variable attain a global scope. You need to declare it as “global”:

$x = 1;
function testing()
//Define $x to be a global variable
global $x;
echo $x;

The above code now outputs 1, because $x value can be used and re-used throughout the script, it's now a global variable. $_POST is a global variable. There is no need to define $_POST as global. This makes it very convenient for programmers to retrieve the value $_POST anywhere in the script as needed. However since it's global it also introduces a lot of security related issues. More of this will be discussed later.

Why is $_POST an associated array variable? If you are familiar with an array variable then you might know that to retrieve the value of the array, you should use square brackets such as:

//Define array and assign value to it
$this_is_an_array = array("Codex Meridian"=> "DevShed.com");

//Dump the values contained in the associative array


//Retrieved the associated pair value for Codex Meridian and output to browser

echo $this_is_an_array['Codex Meridian'];

The browser output of this var_dump is:

array(1) {
["Codex Meridian"]=> string(11) "DevShed.com"

This means that “Codex Meridian” has a pair value of “DevShed.com”. Now when this is accessed using:

echo $this_is_an_array['Codex Meridian'];

The output is “DevShed.com” in the browser. Same thing with $_POST. Supposing you will dump the output of the above basic $_POST example:

$name= $_POST['yourname'];
//Dump the value of $_POST variable

This is the output of the var_dump (supposing you will enter “John Doe” as name:

array(2) {
["yourname"]=>string(8) "John Doe"
["submit"]=>string(16) "Submit your name"

The above var_dump of $_POST shows that it is indeed an associative array variable.

>>> More PHP Articles          >>> More By Codex-M

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates


Dev Shed Tutorial Topics: