When accesssing a web page, you can do so using several different types of request methods. The methods are:
The most common method is GET which is the type of request made when you type an address into your web browser, open a site using a bookmark, or click on a hyperlink on a site. All variables that are passed to the web page are clearly visible in the location or address string. They appear as a query string which appears after the script name and looks something like ?action=go&user=ted&pass=secret. The query string always begins with the question mark (?).
Another very common method is POST which was designed for handling web forms. This allows a much greater flexibility for passing data in that it enables you to pass large amounts of data. In order to create a post request, you need to write HTML code to create a form like so:
<form method="post" action="post.php"> <div>Username: <input type="text" name="username" value="" size="16" maxlength="20"> </div><br> <div>Password: <input type="text" name="password" value="" size="16" maxlength="20"> </div><br> <input type="submit" name="action" value="GO"> </form>
The final method HEAD, is only used by search engine spiders to get the meta information about a page (the headers only). Information in the headers includes the date and time when the page was last modified. Search engines uuse this to determine if the page should be crawled again or not. In ordinary web development, you shouldn't need to use this type of request at all. In fact, there is no way to create this type of request using standard HTML (it can only be done programmatically.)
Get variables are accessed using the built-in global variable $_GET. These variables are read from the query string portion of the URL. Because of this, they are always visible to the user in the address or location bar of the web browser.
// access this script as: script.php?user=Ted echo 'user = ' . $_GET['user'];
All variables that are passed in the query string must be encoded to ensure the safe passing of data. Even a basic character like the space is encoded using a hexadecimal string which looks like %20 (representing ASCII code 32). Most scripting languages provide a way to do this encoding for us and PHP is no exception. You encode query string data using the urlencode function.
<a href="logoff.php?user=<?= urlencode($user) ?>">
You should also note that the $_GET array is an associative array (or hashtable). Because of this, you can easy enumerate all of the keys and values using the foreach construct:
echo '<h4>GET Variables</h4>'; foreach ($_GET as $k=>$v) echo $k . ' = ' . htmlspecialchars($v) . '<br>';
Post variables are form variables that are submitted to a web page via a webform (or programmatically.) They are created by create a web form (using the FORM element) and then populating this form with input elements (INPUT, SELECT, and TEXTAREA).
Unlike a GET request, these variables are not visible to the user (unless programming in the web page specifically outputs them to the user.)
// access this script by submitting a web form if ($_SERVER['REQUEST_METHOD'] != 'POST') echo '<b>Request method must be POST</b>'; elseif (isset($_POST['username'])) echo 'username = ' . $_POST['username']; else echo 'Post variable <b>username</b> was not defined';
Above, you will see we have used the $_SERVER built-in variable to test the request method used to access the page. Also, you will notice we test to see if the post variable has been set using the isset function.
You should also note that the $_POST array is an associative array (or hashtable). Because of this, you can easy enumerate all of the keys and values using the foreach construct:
echo '<h4>POST Variables</h4>'; foreach ($_POST as $k=>$v) echo $k . ' = ' . htmlspecialchars($v) . '<br>';
Cookies are a special variable which is stored on the client's computer. They allow you to persist data across multiple web page requests. Just like $_GET or $_POST, the built-in variable $_COOKIE is an associative array (or hashtable) that gives you access to cookies.
Enumeration of cookies works just like the other built-ins:
echo '<h4>COOKIE Variables</h4>'; foreach ($_COOKIE as $k=>$v) echo $k . ' = ' . htmlspecialchars($v) . '<br>';