Dynamic PHP pages receive a lot of information through forms. PHP provides us with 2 methods to capture the data that is submitted in forms, pass it through pages and then manipulate it. The two methods are the GET and the POST methods.
The GET method
When we submit a form which uses the GET method to capture data, all the form data is passed in the page URL i.e the form data will get appended to the page URL as a query string.
When a form is loaded the GET method creates an associative array called $_GET consisting of a key, value pairs where the key is the form control name and value is the input data from the user. This array is used to form a query string by concatenating the name, value pairs and separating each name, value pair using the ampersand symbol. The + symbol is used to replace spaces.
The URL is then concatenated with the query string and then loaded. We represent an URL with the GET data as below.
http://www.getexample.com/action.php?name=david&age=25
The bold parts in the above URL are the GET parameters and italic parts are the values of those parameters. We can append more than one name/value pairs the URL by concatenating them with an ampersand (&). Users can only send simple text data using the GET method.
The submitted data is visible to everyone via the query string. This can pose significant security issues. Hence the GET method is recommended for use only when handling non-sensitive data.
Advantages and Disadvantages of Using GET Method
- We can bookmark the page with query string values because the information that is submitted using the GET method is visible in the URL.
- The GET method is not useful for passing sensitive information like financial data, because the information is visible and available in the URL query stri ng and is stored in the client browser as a visited page.
- The length of the URL is restricted (usually 2000 characters) and limited for the total data to be sent.
- GET method cannot be used to send binary data such as images or word documents to the server.
- The data sent by the GET method is accessible by using the QUERY_STRING environment variable.
Example:
Code:
Output :
Name text box, Age text box & Submit button
The POST Method
The GET data can only be used to submit simple text data and it is considered very insecure. Because of these reasons, the POSt method is preferred to submit data which is more sensitive. The POST method submits data using HTTP headers and the HTTP post method.
When a form is submitted using the POST method it creates an associative array $_POST comprising of key, value pairs. Here the key corresponds to the id of the form control and value corresponds to the data entered in the form control by the user. This array is encoded just like in the GET method into a query string and then appended into the header
Advantages of the POST method
- There is no restriction on the size of data that can be sent using the POST method. Hence it can be used to send documents and files of large sizes.
- POST method is used for sending diverse types of data including ASCII and binary data like images, documents etc.
- The information that is sent by the POST method passes through the HTTP header so security depends upon HTTP protocol. By using Secured HTTP , we can make sure that the data is secured.
- PHP provides '$_POST' associative array to access the submitted data using the POST method.
Example:
Code:
Output :
Name text box, Age text box & Submit button
Example:
Code:
Here '$_PHP_SELF' variable contains the name of the self-script in which it is being called.
Difference between the GET and the POST method
Though both the GET and the POST methods form an associative array and then form a query string using the submitted data, the method of passing the query string and hence the submitted information is very different.
Some of the differences between the GET and the POST method are as follows
- The GET method forms an array $_GET using the submitted data whereas the POST method forms the $_POST array.
- The GET method appends the query string to the URL and hence the uery string is openly visible.
- The POST method sends the query string by posting to the HTTP header because of which it is usually not visible. The query string is available to everyone when we use the GET method. This poses significant security issues. However, the POST method embeds all the information in the body of the HTTP request and because of this it is more secure. The level of security depends on the security of the HTTP method. If HTTPS is used then the web page can be said to be very secure and the information submitted will be safe from hackers and cyber crimes.
- GET has a limit on the number of characters that can be passed (about 2000) to the processing script whereas POST does not have any limit on the number of characters which can be present in the information being passed.
- GET can be used to submit only simple text whereas the POST can be used to submit all kinds of complex data including ASCII and multi-part binary data like images and large files.
- GET supports bookmarking of the page(based on the information submitted) because variables are a part of the URL whereas POST does not support bookmarks.
Hence due to its support for submitting complex information and the strong security that it provides POST is the method of choice for developers while handling information from forms.