Process GET Data in PHP

Submitted by Yorkiebar on Tuesday, July 29, 2014 - 02:11.
Introduction: This tutorial is on how to process data through the GET type in PHP. This is a tutorial in addition to process POST data, found here; http://www.sourcecodester.com/tutorials/php/7622/process-post-data-php.html. HTML Form: Here is a basic POST HTML form... 
  1. <html>
  2. 	<head></head>
  3. 	<body>
  4. 		<form action='page.php' method='POST'>
  5. 			<input type='text' name='user' />
  6. 			<input type='submit' />
  7. 		</form>
  8. 	</body>
  9. </html>
This would create a basic HTML form consisting of a submit button, and a textbox with the name of 'user' which would be where the user would enter their username for something such as a register or login form for an accounts website. The submit input is a simple Submit button to submit the form information. As you can see from the 'METHOD' of the form, it is a 'POST' method form. This means any data will be sent behind the scenes to the destination location, which in this case is 'page.php' which can be found through the 'action' attribute of the HTML form. The above is a snippet from my POST tutorial to show you the comparison of difference between GET and POST forms. To alter our POST HTML form to GET, we simply change the method 'POST' to 'GET' in the form declaration tag, like so; 
  1. <html>
  2. 	<head></head>
  3. 	<body>
  4. 		<form action='page.php' method='GET'>
  5. 			<input type='text' name='user' />
  6. 			<input type='submit' />
  7. 		</form>
  8. 	</body>
  9. </html>
Processing: The main difference between POST and GET is the security of the two. POST is data sent behind the scenes while GET data is sent via the URL. Going from this information, it should be noted that most HTML forms use POST data because the majority of HTML forms require the user to input sensitive information such as passwords. Search forms, for example, may use GET since it doesn't matter is an attacker is looking at the users URL with the text of their search query they have just entered. To process our GET information form from above, we can see that we need to place some PHP to handle the GET information on 'page.php' as it is the 'action' of the HTML form. So, on 'page.php', we want to create the basic PHP tags... 
  1. <?php
  2.  
  3. ?>
Next we want to check if the data is there; 
  1. <?php
  2. 	if (isSet($_GET['user'])) {
  3.  
  4. 	}else
  5. 		echo 'No user found.';
  6. ?>
The above code will check if a variable with the key of 'user' is found in the $_GET environment (url). If it isn't, we echo a simple error message of; 'No user found.' If the user $_GET variable/key is set, we can write it to a variable, modify it's value, and/or output the raw information, like so... 
  1. <?php
  2. 	if (isSet($_GET['user'])) {
  3. 		$user = $_GET['user']; //Gets the raw information from the user $_GET variable, and places it in to a new '$user' string variable.
  4. 		$user = 'USERNAME: ' . $user; //Modifies the value of our new $user variable to 'USERNAME: ' followed by the entered username information ($_GET raw information).
  5. 		echo $user; //Output $user variable value.
  6. 	}else
  7. 		echo 'No user found.';
  8. ?>
Finished! That's all there is to it! However, you should NOT use raw information for data processing, this is how vulnerabilities in your web pages appear. You should always add security to any user input forms, and other external variables if needed. I wrote a tutorial on adding form security, which can be found here; http://www.sourcecodester.com/tutorials/php/6288/php-security-form-password-encryption-fake-options.html

Tags

Add new comment

About text formats
  • 47 views