Post variable in php examples of use. Action and Method attribute
In this lesson we will look at techniques for passing data between forms and pages. Such methods are POST and GET. We will talk about each separately and in more detail. Generally speaking, this is needed for communication between forms. For example, we fill out some fields on a page and we need to transfer them to another page for processing.
GET method in PHP
First, let's look at the GET method. This is when all variables and their values are passed directly through the address. Now, using an example, you will see everything, and even understand how most sites and forums work.
For example, we have an html page like this:
See the link? It is complex and consists of several parts. Let's break it down piece by piece:
https://site— domain address or, as it is also called, host.
index.php— a page in PHP that will process the request.
?
— symbol of separation between the address and the block with variables.
Next come the variables and their values, which are separated by the symbol &
.
name=Sergey— the name variable and its value Sergey.
age=22- the same thing, variable age, value 22.
We've sorted everything out, now let's see how this is processed in php using the GET method.
The index.php page, as you remember, we passed to it:
First, a piece of advice: ALWAYS check your variables for correctness: for emptiness, for compliance with valid values, and so on. Since everything is transmitted through the address bar, the data can be easily replaced and damage the site. Now for the code itself: we, using , checked the name and age variables for emptyness and, if they were not empty, we displayed them, and if they were empty, we simply reported it.
It's simple, don't you agree? For example, you can create an html page and make links through variables in the menu, and in index.php process the variable and display a particular page depending on the received value. Well, we’ll talk about this later, in an article about creating a website in PHP from scratch. In order not to miss anything, I advise you to subscribe to RSS.
POST method in PHP
To demonstrate how this method works, we will need a little more than a simple line with an address :) We will need to create an HTML page with a form to fill out, but that’s okay, I’ll give you a ready-made example:
So, we have created an html page with a simple form. Remember, the POST method can only be used in a form.
The first parameter of the form is “method”, it defines the method that we will use for the transfer. As you might have guessed, this is either GET or POST. Moreover, if GET is set, then all field names (in the form of variable names), as well as their values, are passed by reference, as in the section about the GET method. If POST is set, then all variable names and values will be transmitted as a browser request to the web server. That is, they will not be visible in the address bar. In many cases this is very useful. POST is also safer, which is understandable, because variables with their values are no longer so easy to edit, although it is also possible.
The second form parameter is “action”. This is the path and name of the script file to which we pass the data. In our case this is index.php. This path can be transmitted in full, that is, like this: action = “https://my_site.ru/index.php”. If you do not specify the value of the “action” parameter, then all information will be transferred to the main script, that is, the index page index.php of your site, which is quite logical.
Now we will get the data from our form. Since we passed it to index.php, then below will be the code of this particular page:
"; echo "name - "; echo $_POST["user_name"]; echo "
age - "; echo $_POST["age"]; echo " years"; ) else ( echo "Variables did not arrive. Check everything again."; ) ?>
Don’t forget to check for emptiness and valid values. Next, we need to clarify why our variables are called user_name and age? And look at the fields of the form we created above. See there input name="user_name" type="text"? This is where the name parameter specifies the name of the variable that we will get using this field. It's the same with age. I hope it's clear. Well, getting a variable and its value via POST is almost no different from GET, which we discussed above.
Well, it turned out to be a big lesson, but one of the most useful, because passing variables between forms and pages is exactly the interactivity for which we use PHP.
What they have in common is that they work the same way. There is technically no difference between them. But there are ideological differences.
I'll talk about them in the context of PHP. Please note that the HTTP protocol is indirectly related to PHP because it was created for exchanging html pages and PHP simply expands the capabilities of both.
GET request is used to receive data and POST is used to send. (Remember that technically they work the same).
Therefore, in the context of PHP, based on this ideology, we did the following:
1. Every time you start PHP, superglobal arrays ($_GET, $_POST) are created by default.
2. If there is a question mark(?) in the query string. Everything after it is considered parameters GET request, they are presented in the format "key"="value" and the ampersand character (&) is used as a delimiter.
Example:
GET /index.php?name=Andrey&surname=Galkin
This is a query string, there are 2 parameters. these parameters will go into the $_GET array.
3. $_POST is filled in a different way. the contents of this array are filled from the "request headers". That is, from a place clearly hidden from view. The browser takes care of all the chores of creating such headers. Although sometimes something is edited in the headings manually.
Most often, a post request is used in forms (to send data).
For example, we have a login form with 2 fields: login and password.
Let's imagine that we are using the GET method. Then, when submitting the form, we will go to the following address /login.php?login=Andrey&password=123 You will agree that transmitting such information this way is not at all safe. Anyone can open your browser and, starting to enter the site address, they can see your passwords and logins from the history.
But if we specified the POST method, we would receive the following request:
POST /login.php (login=Andrey&password=123) what is in brackets would be hidden and not saved in any way in the browser.
To sum it up:
GET is to get a certain page in a certain form (sorting, current blog page, search bar, etc.).
POST - for sending data that does not affect the display of the page, in the sense that this data only affects the result of the script (logins, passwords, credit card numbers, messages, etc.).
And another good news is that they can be combined, for example
POST /index.php?page=login (login=Andrey&password=123) I think I have already explained enough what will come of this and which parameters will go into which array.
You may have noticed that on most sites you can see the following addresses:
Http://site/index.php?blog=2
Here, even without knowing php, you can guess that we are accessing a file index.php But few people know what comes after the question mark. It's quite simple: ?blog=2 This is a declaration of the global variable "$_GET["blog"]" with the value "2". Thus, I pass a variable into the script that is responsible for displaying information from the database. Let's write a small script in which you can clearly see everything:
if(isset($_GET["blog"])) (
echo $_GET["blog"];
}
?>
We use the if() condition operator and the following line is used as a condition:
Isset($_GET["blog"])
isset() allows you to find out whether the variable specified in brackets exists, that is, the condition that I described in the code sounds like this: If the variable $_GET["blog"] exists, then display the contents of this variable on the screen. Here's what happened:
I think it’s clear A global variable is created $_GET with the identifier that we declared in the address bar ( in this case with the identifier “blog”)
Now I want to clarify one point. Suppose we need to declare two variables, how to do this? The first variable is declared after the question mark "?" The second variable is declared after the “&” sign ( To be honest, I don’t know what this sign is), here is an example declaration of three variables:
Http://site/index.php?a=1&b=2&c=3
Here is the output code:
if(isset($_GET["a"]) AND isset($_GET["b"]) AND isset($_GET["c"])) (
echo $_GET["a"]."
";
echo $_GET["b"]."
";
echo $_GET["c"]."
";
}
?>
The condition sounds like this:
If there is a global variable $_GET["a"] and a global variable $_GET["b"] and a global variable $_GET["c"] then display them on the screen, here is the result:
Forms
Before we get to post requests, you need to understand what forms are? Why is it necessary? Because the global variable $_POST[""] is created through forms. What is form? These are fields for the user to enter some information. There are one-line fields, large fields, and also radio buttons and check boxes. Let's look at everything in order...
The form is a tag:
The form has attributes, I will list the most common ones:
Let's create a form:
I set the file as the handler file test.php since it is in it that I write examples for you. I set the sending method to post because these are the methods used in 99.9% of cases. I also gave our form a name - form
Now let's plunge into the world of form elements. The first thing you need to understand is that almost all elements are a tag the only difference is in the attribute type at these tags. Let me list the form elements used:
I’m sure you’ve seen such fields more than once, so here’s what they say: “no comments”
Now let's create a small training questionnaire, which we will work with further. Our task is to create a small questionnaire that will tell us the name of the person filling it out, gender, what country they are from, favorite color and a text field where the user can add something about themselves. Here's what I got:
Let me comment a little on the created form. Forms are created with the form tag. Form fields are created using the input, select, textarea tags (you can read more). In the form tag, the action attribute specifies the URL of the script that will receive the form data. In our case, we specified our existing script.php file. The method attribute specifies the method for sending data. We have specified the method GET. Now we know which file the form data will be transferred to, and in what way, all that remains is to figure out where to look for it?!
This form data will be passed to the web resource by the browser by appending it to the URL: first there will be a question mark (?), then the parameters will be presented separated by an ampersand (&). The name of the parameter will be taken from the name attribute, which must be specified for any form field. The value of the parameter will depend on the field type. If the field is a text field, the value will be the text entered by the user. If the field is a list, a group of radio buttons or check boxes, then the value of the parameter will be the value of the value attribute of the selected element. Let me explain using our form as an example. If the user enters the number 10 in the input field, then the name of the parameter will be num (the value of the name attribute of the input tag) and the value will be 10 (the number entered by the user). Accordingly, the browser will generate a pair "num=10". If the user selects the "Yes" option from the list, then the name of the parameter will be type (the value of the name attribute of the select tag) and the value will be yes (the value of the value attribute of the option tag). Accordingly, the browser will generate a “type=yes” pair.
Now we will place this form on the forma.php page.
Enter any values in the form fields and click the "Submit" button. After clicking the button, the browser will open another page (script.php) and the data you entered will be displayed in the browser window. I think it’s clear why: the browser will pass the data to the script.php script, and in the script this data will be processed and displayed on the screen.
POST method Now let's look at how the method works POST.
To send data using POST you need to use HTML forms. As we remember, the method attribute of the form tag is responsible for the method of sending form data. Therefore, you need to specify the value POST in the method attribute of the form tag. Otherwise, the form can be the same as for the GET method. Let's change our form, which we have already used to transmit data using the GET method, to transmit using the POST method.
As you can see, the form remains the same except for the method and action attributes. The data will now be passed to the script_post.php script. Let's place our form on the forma_post.php page.
Now we need to write a script that will process our form data.
To receive data in a script using the passed method POST need to use built-in array $_POST. The keys of this array will be the names of the parameters. In our case we need to use $_POST["num"], $_POST["type"],$_POST["v"]. These array elements will contain the values of the transferred data. As you can see, the difference from using the GET method is expressed only in the use of the $_POST array. Therefore, it will not be difficult for us to write the script_post.php file:
echo ($_POST["num"]."
");
echo ($_POST["type"]."
");
echo ($_POST["v"]);
?>
Now open the forma_post.php file in your browser. Enter some data into the form fields and click the "Submit" button. Now, you probably noticed the difference between the POST method and the GET method - the form data did not appear in the address bar of the browser. Data by method POST cannot be transmitted through the browser address bar. This is a significant difference to remember.
IN PHP Regardless of how the data was sent - the POST method or the GET method - you can receive the data using the $_REQUEST array. Comparison of GET and POST methods When using the GET method, data is transferred by appending to the URL. Thus, they will be visible to the user, which is not always good from a security point of view. Also, the maximum amount of data transferred will depend on the browser - on the maximum permissible number of characters in the browser's address bar.
When using the POST method, the data will not be visible to the user (not displayed in the browser address bar). And therefore they are more secure, and, consequently, the program processing this data is more protected in terms of security. Also, the volume of transmitted data is practically unlimited.
When choosing a data transfer method, you need to take into account the above features and choose the most appropriate method.