Form Data
Form Handling Methods
There are 2 methods for sending form data to a PHP page:
GET
Sends its variables in the URL of the browser. Has a fairly low limit on the number of characters.
Appends form-data into the URL in name/value pairs (delimited by &).
POST
Sends its variables hidden from the user (more secure). Has a much larger character limit.
Its downside is that this data is not automatically resent if users use their back button etc.
Form submissions with POST cannot be bookmarked.
HTML Form Example
Assigning Server Side Variables
The code below will store the variables that have been passed in using the form above. You will notice that the identifiers in the square brackets match up with the name of the inputs in the HTML form.
When to use GET or POST
GET is the default method if you don’t specify and is the least secure
As the variables are sent in the URL – should not be used when sensitive information is being used.
There is also size limitations (set by browsers approx 2000 chars)
POST
If you are updating data or sensitive information is being passed
This is due to it not visible in the URL
Advantages/Disadvantages of POST/GET Methods
Advantages of GET
If security is not an issue, the URL can be bookmarked, allowing it to be re-used without having to complete and submit the original form.
If there is a network connection issue when a form is submitted, the browser will automatically resend the form.
GET submissions can be cached. If the same submission is used regularly (for example form data used to generate the same database query), this could have a significant effect on efficiency.
Can be useful if the form is used to select navigation options
Disadvantages of GET
The form data in the constructed URL is visible and so less secure.
URLs can only contain ASCII codes, which will cause issues if the form data contains non-ASCII characters.
The URL constructed will be stored in the user's web browsing history, making it inappropriate for sensitive data.
URLs have a limited number of characters (approx 2000), which limits the form data submitted.
Advantages of POST
The submitted form data is not visible and so more secure than GET.
Non-ASCII characters can be submitted within the form data set.
There is no URL character limit, so form data can be much larger.
Disadvantages of POST
The submitted form cannot be bookmarked for later use.
If there is a network issue while the form is being submitted, the browser will ask the user to resubmit the form.
Or if you use the back button in your browser the form will require to be resubmitted