PHP Tutorial on $_POST with Stone River eLearning

In our last blog post, we discussed how $_GET can be used to deliver user data from a HTML form to a PHP file. In this blog post, we will discuss about the other method to perform the same operation, the $_POST method. As we mentioned at the end of our last blog post in this series that the $_POST method is more secure and reliable as compared to the $_GET method, through this blog post, we will try to give enough reasons to justify our claim and also give you a detailed insight about how $_POST actually works in PHP.


  if( $_POST["name"] || $_POST["age"] )
     echo "Welcome ". $_POST['name']. "<br />";
     echo "You are ". $_POST['age']. " years old.";
  <form action="<?php $_PHP_SELF ?>" method="POST">
  Name: <input type="text" name="name" />
  Age: <input type="text" name="age" />
  <input type="submit" />


    • Now what just happened there? You will notice that the example that we have written here is the exact same as the example that we gave for the blog on $_GET, with the only difference being the use of $_POST instead of $_GET. Well, before you start wondering how that is possible, let us erase all your doubts and say that this is precisely the difference between two PHP scripts written using $_GET and $_POST. It goes without saying that most of the points of notes regarding $_GET in the previous blog post, are applicable for $_POST as well. However; there is one point that is not applicable for $_POST and that is where the difference between the two delivery options comes into light.

Unlike, $_GET, $_POST does not include the user data sent in the URL. What it means is while we were able to see all the variables and values assigned against them appended to the URL in case of $_GET, with $_POST, only the URL is displayed on the browser tab. With no information leak, $_POST does give a more secure and reliable option as compared to $_GET and also reduces the possibility of injections.

Both $_GET and $_POST are called superglobals, which means that they exist inside every function by default and do not have to be passed in as a parameter. A superglobal is available to each and every line in the script and anything that is pushed into another variable from a superglobal, must have been first fetched from the HTML form with the help of either the POST or the GET method.



(Visited 86 times, 1 visits today)