If you were following our lessons, you have by now learned how to create PHP forms, how to make certain input fields required, and how to validate the data your users enter. Now it's time to learn to make sure you get the information users submitted.
A PHP form action attribute specifies the location to transfer the submitted users' information. You can set the attribute to deliver information to a website or a file.
PHP get and PHP post are superglobal methods, meaning you can use them anywhere in your script. They both send the data users provide to the server. In this tutorial, we will explain in what cases it's better to choose one or the other and how to use them correctly.
PHP Form Action: Main Tips
form actionattribute is used to specify where the data is sent to be processed.
$_GETare used to gather data from PHP forms.
- GET method is used for non-sensitive data and allows bookmarking pages.
- POST method is used for sensitive data as it is considered more secure.
A Simple HTML Form
In the code snippet below you can see a simple HTML form containing two input fields with a submit button:
<html> <body> <form action="pet.php" method="post"> Pet breed: <input type="text" name="breed"><br> Color: <input type="text" name="color"><br> <input type="submit"> </form> </body> </html>
After the form is filled in and the submit button is clicked, all data is sent for processing to pet.php, defined in the PHP
form action attribute. The method used to send the information is PHP POST.
echo variable is used to display the submitted data. Let's see the code in the file:
<html> <body> Your pet breed is: echo $_POST["breed"]; <br> Color is: echo $_POST["color"]; </body> </html>
Now let's try to achieve the same result using PHP GET method:
<html> <body> <form action="pet_get.php" method="get"> Breed: <input type="text" name="breed"><br> Color: <input type="text" name="color"><br> <input type="submit"> </form> </body> </html>
The file specified in PHP
form action attribute (pet_get.php) will now look like this:
<html> <body> Your pet breed is: echo $_GET["breed"]; <br> Color: echo $_GET["color"]; </body> </html>
One crucial thing that you must always keep in mind is protection. We need to validate the form data to defend the script against any malicious code.
Note: When working with PHP forms, never forget security: validation is crucial. The examples above only describe the way to send and retrieve PHP form data!
Theory is great, but we recommend digging deeper!
GET and POST Methods
Both PHP POST and GET methods create an array that holds key/value pairs. The key is a form value and the value is the data inputted by the user. GET and POST are treated as superglobals which means they are accessible anywhere.
$_GET is used to pass an array to the script with URL parameters.
$_POST is used to pass an array to the script with the HTTP POST method.
Using PHP GET
Using GET will not hide the information being sent from a form: everything is visible in the URL. Also, this method has limits to the amount of data that could be sent (the threshold is about 2000 characters).
However, as the information is shown in the URL, you can bookmark the pages, and that is pretty useful on some occasions.
In conclusion, this method should be used for processing not sensitive information.
Note: It is very important to emphasise that you should never use the GET method for sending passwords and any sensitive data!
Using PHP POST
Unlike the GET method, the POST method hides data being sent by embedding in the HTTP request body. It also has no limits and supports more advanced functionality like support for multi-part binary input when using an FTP.
Therefore, it shouldn't come as a surprise most coders prefer the POST method for processing data gathered using PHP forms. The only disadvantage it has is the inability to bookmark particular pages.
PHP Form Action: Summary
$_GETare superglobal variables meant to collect data from forms. Its destination is defined in PHP
- POST method is generally deemed more secure, so it's better to choose it for sensitive data.
- GET method can't provide such safety, but allows you to bookmark certain pages.