Monday, 30 December 2013

TWO Predefined Variables of PHP


· $_POST[ ]
· $_GET[ ]
$_POST Method

First of all, I would like to explain what predefined variables are and why we use them. Basically, predefined variables are used to get data from forms or other web pages. To see this, we will design a simple web page that uses both of these predefined variables. Let's start; the code is below.
[Code]
<html>
<head>
<title>Predefined Variable</title>
</head>
<body>
<!-- action names the page that receives the data; method says how it is sent -->
<form action="welcome.php" method="POST">
ID <input type="text" name="ID"><br>
Password <input type="password" name="pass"><br>
<input type="submit" value="login">
</form>
</body>
</html>
[/Code]
    Figure 1 Listing 1 Using Post Method

The code above uses the POST method. After implementing POST we will use the GET method, so let's discuss POST first. In the code above we first write the basic HTML blocks, then create two inputs, the first for the ID and the second for the password. Remember, I am creating a simple login web page. As we know, all of our code lives inside the body, so inside the body we create a form, and on the form we set two things: the first is action and the second is method. Let's discuss action first: why do we use it? Action names the web page to which you want to send the data from the page you are on. Above I am using practise.html, and from this page the data is sent to the page named in action.
Methods
Now the second thing: what is method, and why do we use it? Since this article is based on two predefined variables, the method will be POST or GET, matching $_POST and $_GET. First we will implement POST, then GET. Remember, you need a local server such as XAMPP (with its control panel) or WAMP installed on your PC to access localhost; without one you cannot do any of this and all your work will be wasted. If you have XAMPP, then after writing the code above go to the local C: drive, open the XAMPP folder, and inside the htdocs folder save the code under any name with the .html extension. I saved this file as practise.html. To access it, open your browser and type localhost/practise.html. Remember, practise.html is only the file name; you can save the file under any name and then type localhost/ followed by that name. Since the code above is a login form, our login form appears as shown below.
    Figure 2 Resulting of listing 1

It looks good. Now let's design the receiving page: open a new page and start your PHP block.
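[Code]
<?php
$Username = $_POST['ID'];   // value of the form field named "ID" in practise.html
echo "your Username is:MR." . $Username;   // dot operator joins the strings; the value is printed unescaped (see Security below)
?>
[/Code]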

    Figure 3 Listing 2 Declaring Variable Using Post Method

In this code we first open the PHP block. Remember, a PHP block can start with <? or with <?php; both are the same, and it ends with ?>. We use the POST method here as well, because we are still working on POST; afterwards we will move on to the GET method. Here I declare a variable and assign it from $_POST; inside the brackets we write the name of the input that we used in practise.html, which is why I used ID, and then end the statement with the terminator sign (;). Remember, the dot operator in the 3rd line is the concatenation operator, and it will work here; if you forget to use it here it is not a problem, because it will work here. There is much more in PHP programming about using variables for output in the web browser. Let's access the page on our localhost server.
    Figure 4 Resulting of listing 3


As you can see, this is the POST method that we used. It sends the data to welcome.php, and $_POST is the predefined variable that receives all the data from the sending web page; you can see the output on your screen. One more thing: data sent with the POST method is not part of the URL. It is fully secure. If you press the Login button, you cannot see how the data arrived, and this is the most important reason to use the POST method here.

$_GET Method:

Now we will discuss the second predefined variable, $_GET. In the code above we change only the places where we used POST: we replace POST with GET in both pages, practise.html and welcome.php.
    Figure 5 listing 5

Now you see that the result is the same, but notice one more thing: the address bar shows localhost/welcome.php?ID=imran+Khan&pass=buitemsce. This means that the GET method is not secure, so you should avoid it when you are transferring personal or private data. With GET the data is part of the URL, which is why it does not protect your personal and private data on the way from one page to another. Below are some more examples of $_POST[ ] and $_GET[ ] for better understanding.
Get & Post Methods: 
How to & why:
Get method example:
Listing: 6 Using Get Method
[CODE]
<!-- Field names match the keys read from $_GET in the next listing -->
<form action="signin.php" method="get">
First Name: <input type="text" name="Fname" />
Last Name: <input type="text" name="Lname" />
<input type="submit" />
</form>
[/CODE]

Once the submit button is pressed by the user, the form will collect the values & send them along with the URL. You'll end up with something like this:

The sign-in page will actually "Get" the values from the URL.
Since the information sent from a form with the GET method will be displayed in the browser's address bar, it is visible to everyone.
It also has limits on the amount of information to send. Its max is 100 characters.
The $_GET variable is an array of variable names and values sent by the HTTP GET method.
Using our example from above, $_GET would contain the following:
Listing: 7 Using Php Blocks
[CODE]
<?php
// Copy each GET parameter into a local variable only if it was sent
if (isset($_GET['Fname'])) {
    $Fname = $_GET['Fname'];
} else {
    echo "Fname was not set in the form\n";
}
if (isset($_GET['Lname'])) {
    $Lname = $_GET['Lname'];
} else {
    echo "Lname was not set in the form\n";
}
?>
[/CODE]

Now we come to the POST method example.
The Post method is used to send values from a form.

Post method example: 
[CODE]
<form action="signin.php" method="post">
First Name: <input type="text" name="Fname" />
Last Name: <input type="text" name="Lname" />
<input type="submit" />
</form>
[/CODE]
Once the submit button is pressed by the user, the form will collect the values & send them, invisible to others.
As well, the Post method has no limits on the amount of information to send.

In our example above, the sign-in page will actually have the values posted, invisible to any user. The $_POST variable catches the form data, & the values can be retrieved using the following:
Listing: 8 Sending Values to the form
[CODE]
<?php
// $_POST must be written in upper case; PHP variable names are case-sensitive
if (isset($_POST['Fname'])) {
    $Fname = $_POST['Fname'];
} else {
    echo "Fname was not set in the form\n";
}
if (isset($_POST['Lname'])) {
    $Lname = $_POST['Lname'];
} else {
    echo "Lname was not set in the form\n";
}
?>
[/CODE]
Security:
It is important to note that you never want to directly work with the $_GET & $_POST values. Always send their value to a local variable, & work with it there. There are several security implications involved with the values when you directly access (or output) $_GET & $_POST.

Security Tip: Strip the HTML & PHP content.
This can be done easily with the strip_tags() function. The strip_tags() function simply removes HTML and PHP tags from a string, & returns only its true text value. The reason for this is simple. You don't want someone to input PHP code that will execute when your script fires off. For example:
Listing: 9 Return only True Values
[CODE]
<?php
if (isset($_POST['Fname'])) {
    $Fname = $_POST['Fname'];
} else {
    echo "Fname was not set in the form\n";
}
if (isset($_POST['Lname'])) {
    $Lname = $_POST['Lname'];
} else {
    echo "Lname was not set in the form\n";
}
// Remove HTML and PHP tags from the value before printing it
if (isset($Fname)) {
    echo strip_tags($Fname) . " was passed from the form\n";
}
?>
[/CODE]
This works for most cases, but there are also ways of outputting the HTML code without allowing it to execute.
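The difference between stripping tags and outputting them without letting them execute, as an added example that is not part of the original article. The sample values are constructed and stand in for $_POST['Fname']; the helper names show_stripped() and show_escaped() are hypothetical.

```php
<?php
// Constructed sample values standing in for $_POST['Fname'].
$samples = [
    'plain'     => 'Imran',
    'markup'    => '<b>Imran</b><script>alert(1)</script>',
    'less-than' => 'Imran <3 PHP',
];

// strip_tags(): removes anything that looks like a tag. It is lossy: text
// that merely contains "<" can be cut, and the text inside removed tags
// (such as the script body) is kept.
function show_stripped(string $value): string
{
    return strip_tags($value);
}

// htmlspecialchars(): keeps every character but encodes < > & " ' so the
// browser displays the markup as text instead of interpreting it.
// ENT_QUOTES also encodes both quote styles, which matters when the value
// is placed inside an HTML attribute.
function show_escaped(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ($samples as $label => $value) {
    printf("%-10s raw:      %s\n", $label, $value);
    printf("%-10s stripped: %s\n", '', show_stripped($value));
    printf("%-10s escaped:  %s\n\n", '', show_escaped($value));
}
```

Run it from the command line and compare the three lines printed for each sample; the escaped form is the one to echo into a page when the original text must survive intact.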

Security Tip 2: Don't trust the $_GET content
Rather than taking the user at their word, actually test the contents of $_GET before using it. A good example of this would be parsing the contents through a switch/case. In a situation where you might be uploading (or loading) a file:
Listing: 10 Using Get Method
[CODE]
<?php
if (isset($_GET['file'])) {
    $file = null;   // stays null unless the request names a known file
    switch ($_GET['file']) {
        case "home.html":
            $file = "home.html";
            break;
        case "main.html":
            $file = "main.html";
            break;
    }
    // Open only a name that came from our own list, never the raw $_GET value
    if ($file !== null) {
        $handle = fopen($file, "r");
    }
}
?>
[/CODE]
This is also safe practice when running system commands.
Listing: 11 Using PHP Blocks in Post Method
[CODE]
<?php
// $_POST['host'] reaches the shell exactly as submitted; test it first, as Security Tip 2 describes
if (isset($_POST['host'])) {
    system("ping " . $_POST['host']);
}
?>
[/CODE]
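Listing 11 with the test-before-use rule from Security Tip 2 applied, as an added example that is not part of the original article. The function names validated_host() and ping_command() are hypothetical, and the sample submissions are constructed stand-ins for $_POST['host'].

```php
<?php
// Returns the host if it is a literal IP address or a syntactically valid
// hostname, otherwise null. The raw form value is never used past this point.
function validated_host($raw): ?string
{
    if (!is_string($raw) || $raw === '' || strlen($raw) > 253) {
        return null;
    }
    if (filter_var($raw, FILTER_VALIDATE_IP) !== false) {
        return $raw;
    }
    if (filter_var($raw, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false) {
        return $raw;
    }
    return null;
}

// Builds the command line. escapeshellarg() is a second layer: even a value
// that passed validation reaches the shell as one quoted argument.
function ping_command(string $host): string
{
    return 'ping ' . escapeshellarg($host);
}

// Constructed sample submissions standing in for $_POST['host'].
$submissions = ['example.com', '192.0.2.10', 'example.com extra words', 'bad;host', '-c', ''];

foreach ($submissions as $raw) {
    $host = validated_host($raw);
    if ($host === null) {
        echo "rejected:  " . json_encode($raw) . "\n";
        continue;
    }
    // A real handler would call system(ping_command($host)) here.
    echo "would run: " . ping_command($host) . "\n";
}
```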
Overview:
Since the Get method posts values in the URL, it should never be used when sending passwords or other sensitive information. On the other hand, because the variables are displayed in the URL, it is possible to bookmark the page. With Post however, the variables are not displayed in the URL, making it impossible to bookmark the page. Unlike Get, with Post your variables have no length limit.
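One place the URL values end up is the web server's access log. The following added example (not part of the original article) scans log lines for sensitive parameter names in GET query strings; the log lines are constructed from this page's login example, and the key list and function names are assumptions.

```php
<?php
// Parameter names that should never appear in a query string (assumed list;
// "pass" is the field name used by the login form on this page).
const SENSITIVE_KEYS = ['pass', 'password', 'passwd', 'pwd', 'token'];

// Extracts the request method and target from one access-log line.
function request_from_log_line(string $line): ?array
{
    if (!preg_match('/"([A-Z]+) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
        return null;
    }
    return ['method' => $m[1], 'target' => $m[2]];
}

// Returns the sensitive parameter names found in the target's query string.
function leaked_keys(string $target): array
{
    $query = parse_url($target, PHP_URL_QUERY);
    if (!is_string($query)) {
        return [];
    }
    parse_str($query, $params);
    $found = [];
    foreach (array_keys($params) as $key) {
        if (in_array(strtolower((string) $key), SENSITIVE_KEYS, true)) {
            $found[] = (string) $key;
        }
    }
    return $found;
}

// Constructed access-log lines: the same login sent with GET and with POST.
$log = [
    '127.0.0.1 - - [30/Dec/2013:10:00:01 +0000] "GET /welcome.php?ID=imran+Khan&pass=buitemsce HTTP/1.1" 200 41',
    '127.0.0.1 - - [30/Dec/2013:10:00:09 +0000] "POST /welcome.php HTTP/1.1" 200 41',
    '127.0.0.1 - - [30/Dec/2013:10:00:15 +0000] "GET /practise.html HTTP/1.1" 200 312',
];

foreach ($log as $n => $line) {
    $req = request_from_log_line($line);
    $keys = $req === null ? [] : leaked_keys($req['target']);
    if ($keys !== []) {
        printf("line %d: %s request logged values for: %s\n", $n + 1, $req['method'], implode(', ', $keys));
    }
}
```

POST keeps the values out of the URL and the access log; the request body still travels in cleartext unless the site is served over HTTPS.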

Conclusion:
In this article we discussed the predefined PHP variables $_POST and $_GET, and which of them is appropriate and secure and which is not. We discussed these methods with practical examples, so we now know that $_GET data is part of the HTTP URL while $_POST data is not. We can therefore say that the POST method is secure for personal data while GET is not, because with GET the data is part of the URL.
