Two Predefined Variables of PHP
· $_POST[ ]
· $_GET[ ]
$_POST Method
First of all, I would like to explain what predefined variables are and why we use them. Basically, predefined variables are used to get data from forms or other web pages. To see this, we will design a simple web page that uses both of these predefined variables. Let's start; the code is below.
[Code]
<html>
<head>
<title>Predefined Variable</title>
</head>
<body>
<form action="welcome.php" method="POST">
ID <input type="text" name="ID"><br>
Password <input type="password" name="pass"><br>
<input type="submit" value="login">
</form>
</body>
</html>
[/Code]
Figure 1 Listing 1 Using Post Method
In the code above we used the POST method; after implementing POST I will use the GET method, so first we will discuss POST. In the code above, we first make the simple HTML blocks and then two inputs, the first for the ID and the second for the password. Remember, I am going to create a simple login web page, and as we know, all of our code sits inside the body. Inside the body we create a form, and inside the form we use two things: the first is action and the second is method. Let's discuss action first: why do we use action there?
Action means the web page to which you want to send the data from the page you are using. For example, I am using practise.html, and from this web page we are able to send the data using action.
Methods
Now the second thing: what is method and why do we use it there? As this article is based on two predefined variables, the method should be POST or GET, matching $_POST and $_GET. First we will implement POST, then we will implement GET.
Remember, you must have the XAMPP Control Panel local server installed on your PC to access localhost; otherwise you can't do any of these things. If you are not using a XAMPP or WAMP local server, all your work will be wasted. If you have XAMPP, then after writing the code above go to the local C drive, open the xampp folder, and inside the htdocs folder save this code under any name with the .html extension; I saved this file as practise.html. To access it, go to your browser and type localhost/practise.html. Remember that practise.html is the name of the file; you can save it under any name and then type your chosen name after localhost/. As we know, the code above is a login form, and below is the login form we created!
Figure 2 Resulting of listing 1
So it looks good. Now let's design it: open a new page and start your PHP block.
[Code]
<?php
$Username = $_POST['ID'];
echo "your Username is: MR." . $Username;
?>
[/Code]
Figure 3 Listing 2 Declaring Variable Using Post Method
So in this code we first start the PHP block. Remember, we can start a PHP block with <? or with <?php, both are the same, and it ends with ?>. Here too we used the POST method because we are still working on POST; then we will move on to the GET method. Here I am declaring a variable and assigning the POST value to it. In the brackets we write the name of the ID field that we used in practise.html, which is why I used ID, followed by the terminator sign (;). Remember, in the 3rd line you can use the dot operator as the continuation operator and it will work here; if you forget to use it, that is not a problem, because it will still work here. There are many things in PHP programming about using variables for execution in the web browser. Let's access it on our localhost server.
Figure 4 Resulting of listing 3
As you can see, this is the POST method that we used. It sends or transfers the data to welcome.php, and $_POST is the predefined variable that gets all the data from the sending web page; you can see the output on your screen. One more thing: with the POST method the data is not part of the URL. It is fully secure. If you press the login button, you can't see how the data got there, so this is the most important reason to use the POST method here.
$_GET Method:
Now we will discuss the second predefined variable, which is GET. In the code above we change only the places where we used POST: instead of POST we now use the GET method in both pages, practise.html and welcome.php.
Figure 5 listing 5
Now you see that the data is handled the same way. But one more thing you saw is the URL localhost/welcome.php?!ID=imran+Khan&pass=buitemsce, which means that using the GET method is not secure. You should avoid the GET method when you are transferring personal or private data. With the GET method the data is part of the URL, which is why it does not keep your personal and private data secure as it passes from one page to another. We have some more examples of $_POST[ ] and $_GET[ ] for better understanding.
Get & Post Methods:
How to & why:
Get method example:
Listing: 6 Using Get Method
[CODE]
<form action="signin.php" method="get">
First Name: <input type="text" name="Fname" />
Last Name: <input type="text" name="Lname" />
<input type="submit" />
</form>
[/CODE]
Once the submit button is pressed by the user, the form will collect the values & send them along with the URL. You'll end up with something like this:
The sign-in page will actually "get" the values from the URL.
Since the information sent from a form with the GET method will be displayed in the browser's address bar, it is visible to everyone.
It also has limits on the amount of information to send. Its max is 100 characters.
The $_GET variable is an array of variable names and values sent by the HTTP GET method.
Using our example from above, $_GET would contain the following:
Listing: 7 Using Php Blocks
[CODE]
<?php
// Copy each value to a local variable only if the field was sent
if (isset($_GET['Fname'])) {
    $Fname = $_GET['Fname'];
} else {
    echo "Fname was not set in the form\n";
}
if (isset($_GET['Lname'])) {
    $Lname = $_GET['Lname'];
} else {
    echo "Lname was not set in the form\n";
}
?>
[/CODE]
Now we come to the Post method example.
The Post method is used to send values from a form.
Post method example:
[CODE]
<form action="signin.php" method="post">
First Name: <input type="text" name="Fname" />
Last Name: <input type="text" name="Lname" />
<input type="submit" />
</form>
[/CODE]
Once the submit button is pressed by the user, the form will collect the values & send them without showing them to others.
As well, the Post method has no limits on the amount of information to send.
In our example above, the sign-in page will actually have the values posted, invisible to any user. The $_POST variable catches the form data, & the values can be retrieved using the following:
Listing: 8 Sending Values to the form
[CODE]
<?php
// $_POST is case-sensitive: $_Post would be an undefined variable
if (isset($_POST['Fname'])) {
    $Fname = $_POST['Fname'];
} else {
    echo "Fname was not set in the form\n";
}
if (isset($_POST['Lname'])) {
    $Lname = $_POST['Lname'];
} else {
    echo "Lname was not set in the form\n";
}
?>
[/CODE]
Security:
It is important to note that you never want to work directly with the $_GET & $_POST values. Always copy their value to a local variable, & work with it there. There are several security implications involved when you directly access (or output) $_GET & $_POST.
Security Tip: Strip the HTML & PHP content.
This can be done easily with the strip_tags() function. strip_tags() simply removes HTML and PHP tags from a string & returns only its true text value. The reason for this is simple: you don't want someone to input PHP code that will execute when your script fires off. For example:
Listing: 9 Return only True Values
[CODE]
<?php
if (isset($_POST['Fname'])) {
    $Fname = $_POST['Fname'];
} else {
    echo "Fname was not set in the form\n";
}
if (isset($_POST['Lname'])) {
    $Lname = $_POST['Lname'];
} else {
    echo "Lname was not set in the form\n";
}
if (isset($Fname)) {
    // strip_tags() removes HTML and PHP tags before the value is printed
    echo strip_tags($Fname) . " was passed from the form\n";
}
?>
[/CODE]
This works for most cases, but there are also ways of outputting the HTML code without allowing it to execute.
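One way to output a form value as text without letting it execute, shown beside strip_tags(). This is an added example, not code from the original article; the helper name render_name() and the sample inputs are constructed for illustration.

```php
<?php
// Added example: output encoding with htmlspecialchars() next to strip_tags().
// render_name() is a hypothetical helper, not part of the article's code.

function render_name(string $raw): string
{
    // Turn <, >, &, " and ' into HTML entities so the browser displays
    // them as characters instead of interpreting them as markup.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values standing in for $_POST['Fname'].
$samples = [
    'Imran',
    '<b>Imran</b>',
    'x<y and y>z',          // plain text that only looks like a tag
    'Imran "IK" O\'Neil',   // quotes matter inside an HTML attribute
];

foreach ($samples as $raw) {
    // Local variable first, then encode at the point of output.
    $stripped = strip_tags($raw);   // deletes anything shaped like a tag
    $encoded  = render_name($raw);  // keeps every character, made inert

    echo "input:      ", $raw, "\n";
    echo "strip_tags: ", $stripped, "\n";
    echo "encoded:    ", $encoded, "\n\n";
}

// In a page, the encoded value can be placed in element content or in a
// quoted attribute; the strip_tags() result would still carry raw quotes.
$Fname = $samples[3];
echo '<input type="text" name="Fname" value="', render_name($Fname), '">', "\n";
```

Run it from the command line to compare the three columns: strip_tags() can drop legitimate text, while the encoded form preserves it and renders it inert.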
Security Tip 2: Don't trust the $_GET content
Rather than taking the user at their word, actually test the contents of $_GET before using it. A good example of this would be parsing the contents through a switch/case. In a situation where you might be uploading (or loading) a file:
Listing: 10 Using Get Method
[CODE]
<?php
if (isset($_GET['file'])) {
    $Fname = $_GET['file'];
    $file = null;
    // Only the file names listed here are ever opened
    switch ($Fname) {
        case "home.html":
            $file = "home.html";
            break;
        case "main.html":
            $file = "main.html";
            break;
    }
    // Open a file only when the request matched one of the cases
    if ($file !== null) {
        $handle = fopen($file, "r");
    }
}
?>
[/CODE]
This is also safe practice when running system commands.
Listing: 11 Using PHP Blocks in Post Method
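[CODE]
<?php
if (isset($_POST['host'])) {
    $host = $_POST['host'];
    // Test the value first: only a valid IP address or host name is accepted
    $valid = filter_var($host, FILTER_VALIDATE_IP) !== false
        || filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
    if ($valid) {
        // escapeshellarg() passes the value to the shell as one quoted argument
        system("ping " . escapeshellarg($host));
    }
}
?>
[/CODE]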
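The switch/case idea from Security Tip 2, generalized to lookup tables for both the file and the command target. This is an added example, not the article's code; PAGES, PING_TARGETS, lookup(), resolve_page(), ping_command() and the addresses are hypothetical.

```php
<?php
// Added example: the request supplies only a short key; the file name and the
// host come from tables the developer wrote. All names here are hypothetical.

const PAGES = [
    'home' => 'home.html',
    'main' => 'main.html',
];

const PING_TARGETS = [
    'gateway' => '192.0.2.1',        // documentation-range address (constructed)
    'web'     => 'www.example.com',
];

// Return the allowlisted value for $key, or null when $key is not a known
// string key (missing field, array input, unexpected value).
function lookup(array $table, $key): ?string
{
    if (!is_string($key) || !array_key_exists($key, $table)) {
        return null;
    }
    return $table[$key];
}

function resolve_page($key): ?string
{
    return lookup(PAGES, $key);
}

function ping_command($key): ?string
{
    $host = lookup(PING_TARGETS, $key);
    // escapeshellarg() is kept as a second layer even though the host is fixed.
    return $host === null ? null : 'ping ' . escapeshellarg($host);
}

// Constructed values standing in for $_GET['file'] and $_POST['host'].
foreach (['home', 'config.php', ['home']] as $requested) {
    $page = resolve_page($requested);
    echo json_encode($requested), ' => ', $page ?? 'rejected', "\n";
}
foreach (['gateway', '192.0.2.1', null] as $requested) {
    $cmd = ping_command($requested);
    echo json_encode($requested), ' => ', $cmd ?? 'rejected', "\n";
    // A real handler would call system($cmd) only when $cmd is not null.
}
```

Because the request value is only ever compared against table keys, even a well-formed address such as 192.0.2.1 is rejected unless the developer listed it.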
Overview:
Since the GET method posts values in the URL, it should never be used when sending passwords or other sensitive information.
On the other hand, because the variables are displayed in the URL, it is possible to bookmark the page. With POST, however, the variables are not displayed in the URL, making it impossible to bookmark the page. Unlike GET, with POST your variables have no length limit.
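One way for the receiving page to enforce this rule on the server side. This is an added example, not code from the original article; read_login() and its messages are hypothetical, and the field names ID and pass are the ones used in Listing 1.

```php
<?php
// Added example: a welcome.php-style handler that takes credentials only from
// the POST body. read_login() and its error texts are hypothetical.

function read_login(string $method, array $query, array $body): array
{
    // A password in the query string has already appeared in the address bar
    // and the browser history, so refuse it instead of using it.
    if (array_key_exists('pass', $query)) {
        return ['ok' => false, 'error' => 'credentials must not be sent in the URL'];
    }
    if ($method !== 'POST') {
        return ['ok' => false, 'error' => 'login requires POST'];
    }

    // Copy to local variables; a missing field becomes null.
    $id   = $body['ID']   ?? null;
    $pass = $body['pass'] ?? null;

    // Both fields must be non-empty strings (a field sent as ID[]=x is an array).
    if (!is_string($id) || !is_string($pass) || $id === '' || $pass === '') {
        return ['ok' => false, 'error' => 'ID and pass are required'];
    }
    return ['ok' => true, 'id' => $id, 'pass' => $pass];
}

// Constructed requests standing in for $_SERVER['REQUEST_METHOD'], $_GET, $_POST.
$samples = [
    ['GET',  ['ID' => 'imran', 'pass' => 'example-pass'], []],
    ['POST', ['pass' => 'example-pass'], ['ID' => 'imran']],
    ['POST', [], ['ID' => ['x'], 'pass' => 'example-pass']],
    ['POST', [], ['ID' => 'imran', 'pass' => 'example-pass']],
];

foreach ($samples as [$method, $query, $body]) {
    $result = read_login($method, $query, $body);
    $status = $result['ok'] ? 'accepted' : 'rejected (' . $result['error'] . ')';
    echo $method, ' ', json_encode($query), ' ', json_encode($body), ': ', $status, "\n";
}

// In the real page the call would be:
// $login = read_login($_SERVER['REQUEST_METHOD'], $_GET, $_POST);
```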
Conclusion:
In this article we discussed the predefined variables of PHP, $_POST and $_GET. We also discussed which one is appropriate and secure and which one is not, and we worked through these methods with practical examples. So at the end we now know that $_GET data is part of your HTTP URL while $_POST data is not, so we can say that the POST method is secure for personal data while GET is not, because it is part of your HTTP URL.