Blake O'Hare .com

PHP Tutorial Part 8 - GET and POST

Getting information from the user via a form is usually at the core of any PHP based website. I also promised that I wouldn't teach HTML in this tutorial, but HTML forms aren't something that's used very often when you're making a static webpage using HTML alone so I'll make a very quick exception.

<input type="text" name="banana" value="Weee!" />

This will produce the following:

There are also buttons...
<input type="submit" name="goButton" value="Press Me!" />

This code will produce the following:

Input tags don't do anything by themselves and must be inside a form tag. The form tells the browser where to send the information once the form is submitted and how to send that information.

Here is an example of a complete form:
<form action="send.php" method="get">
  Your comment: <input type="text" name="comment" /><br />
  Your name: <input type="text" name="name" /><br />
  <input type="submit" name="submit" value="Send" />
</form>

The form tag must wrap all input elements you want to use and has two important attributes: action and method.

The action attribute tells the browser what to do once the user submits the form. This is usually just a URL to another page. Before the time of PHP, you could also tell the form to send the contents in an email to a particular address. That's not so popular anymore and is rather discouraged.

The method attribute tells the browser how to tell the next page the information that is in the form. The two values we're interested in are GET and POST.

GET mode

When you press submit on a form that is set to the GET method, you are simply telling it to append all the form names and values to the target URL using the question mark notation. Remember when we talked about input and output? This is one quick way to get input. Pressing submit in the code example below will redirect the browser to a URL that looks something like this:
send.php?comment=This+is+my+comment&name=Blake

When writing send.php or whatever, depending on the configuration of the server you can access the values of these variables by simply referring to their names with $ signs in front of them. But this method is deprecated. The proper way to access this information is by accessing a pre-defined array called $_GET that has string keys that are the names of the variables.

send.php may look like this:
<?
  $message = $_GET['name']." says...\n".$_GET['comment'];
  mail("sitecomments@mybusiness.com", "User feedback", $message, 
       "From: unmonitoredalias@mybusiness.com");
?>

mail is simply a function that will generate emails from the server. The important part of this example is the $_GET part.

POST mode

The other alternative is to use the POST method. The post method will send the variables and their values from an HTML form invisibly to the next page such that they don't appear in the URL. This is good for logins and passwords that you don't want to appear in the URL. The usage of post data on the receiving end is pretty much identical as get, except you use $_POST instead of $_GET...

<?
  $message = $_POST['name']." says...\n".$_POST['comment'];
  mail("sitecomments@mybusiness.com", "User feedback", $message, 
       "From: unmonitoredalias@mybusiness.com");
?>

This will generate roughly the same results. One difference is that post tends to take longer for browsers and servers to process. Also, if you're creating a search box, you probably want to use GET instead because presumably there will be people who want to copy and paste the URL and send to other people. If the form method is set to POST, the URL will not save your search information.

So in summary, use $_GET and $_POST instead of accessing a variable directly. Use GET mode when you can and POST when GET is not appropriate (such as sending a password that you don't want to appear in a URL or when you want people to be able to copy and paste the URL without accidentally worrying about resubmitting data).

Next: Cookies and Sessions
Back to Tutorial Overview