PHP Basic Series – POST, GET & REQUEST

One of the major goals of PHP is to allow a common website to be fully dynamic. For that can be used database requests, form posting, changing information when parameters change, etc.

No matter when working with AJAX/PHP/MYSQL or PHP/MYSQL or simply PHP/MAIL you will probably be using the pre-defined variable arrays of $_POST, $_GET, $_FILES or $_REQUEST. Among these there is one more variable that you should have knowledge about, the $_SERVER variable that holds all the server environment information and is also an array.

[Note]: All these arrays are associative

$_POST

The $_POST array will hold all information that have been passed by a HTTP POST method, or in a simple way, all information that have been passed by a post form and all this information will become a associative index on the array. Per example, if you have a input text box that is named “name” to access it via post you would use $_POST[‘name‘];

It’s always easier to understand the flow of information when you have more than one page, so let’s consider a 3 page application in wich:

  1. Page 1 will hold the post form
  2. Page 2 will process the post
  3. Page 3 will show a thank you message

Page 1: form.html (note that since we are gonna be using php script on the page, there is no need for the php extension even knowing that you can use it).

<html>
<body>
<form method=”post” action=”processForm.php”>
<input type=”text” name=”username” value=”” /><br />
<input type=”submit” value=”submit form” />
</form>
</body>
</html>

It’s a very simple page with a form and a textbox that will submit the information, once posted, to the processForm.php file, that, will process the post request. Note that on the form method the post is defined, but you could use as well the get method. The only thing about using the get method is that it will submit all the values on the browser url as part of a querystring and it would be necessary to use the $_GET variable to request the values.

Page 2: processForm.php – The process posted form page

<?php
if (!empty($_POST)) // checking if a post has been completed
{

if (strlen($_POST[‘username’]) > 0)
{
// has something, let’s force to go to the thanks page
header(‘location: thanksPage.php‘);
}

}
?>

[Note]: Since is a full PHP page you don’t need the closing tag (in red).

Page 3: thanksPage.php – The thank you for posting page

At the last page of the example we will show a thank you page to the user for posting he’s username information.

<html>
<body>
<p> Thanks for posting the form </p>
</body>
</html>

The last page is quite simple and it’s a simple thanks message as part of the last process to be done to complete the post method.

Looking into a simple work flow we would have:

[page 1: form] [enter information] [submit]
{ form is posted to the processPost.php page } :: [page 2: processing] [check if the form has been submited] [check if the username was given]
{ page is redirected to the thanksPage.php } :: [page 3: user message] [show message] [end]

As you have probably noticed by now if the username is not given it will only show a blank page, we would not have a error message being show or even a return to the previous page. Another thing is that even that the username is given, there is no validation what so ever over the submited post.

This is where the $_GET comes to be extremely useful. Get should be used to communicate parameters between pages, but only communicating those parameters that does not contain sensitive information such as passwords or credit card numbers. As example, think in a AJAX call to a php script where the goal is to filter the search based on a given parameter. This is actually done by using $_GET on the php side and passing the filters by a querystring.

Since we don’t really need a form posting to use the get, let’s first demonstrate how to send parameters between pages using the $_GET array. To better understand the process let’s create a 2 page set where the first a user will click a link that will set a parameter on the second page.

Page 1: Links with parameters

<html>
<body>
<a href=”processGet.php?showmsg=1&msg=it%20worked “>click me to set parameters</a>
</body>
</html>

Note 3 elements on that link:

  1. The elements in bold: The ? starts the querystring and whatever comes after it is a parameter that will be passed to the $_GET array. The second element in bold, &, is used to identify any other parameter that will be used on the querystring. After the question mark, all other parameters must use the & to be identified.
  2. The elements in green are the parameters name. The same name that will be used as index on the $_GET array.
  3. The elemenst in blue are the parameters value.

To get those parameters and it’s values, you need a PHP page to parse the $_GET array, so let’s check the page 2.

Page 2: processGet.php – parsing the $_GET array to retrieve the querystring parameters.

<?php
$showMsg = $_GET[‘showmsg’];
$msg        = $_GET[‘msg’];
?>
<html>
<body>
<p>
<?php
if ($showMsg) { echo $msg; }
// the equivalent to this is echo ($showMsg) ? $msg : ”;
?>
</p>
</body>
</html>

The second page will check if the first parameter, showmsg, is set to 1 (or true) and if so it will display the msg “it works” on the page for the user.

[Note]: Since this is a php page with html tags in it, you need to close all open php tags (in red).

$_POST and $_GET become really helpful when working together. You would use the post to safely communicate data and the get to inform when something went wrong or simply to exchange information between pages.

Let’s get the example given to $_POST and add some $_GET parameters to communicate the information between page 1 and 2.

Page 1: form.php (note that the extension has changed)

<?php
$hasError = $_GET[‘error’];
$errorType = $_GET[‘type’];
?>
<html>
<body>
<?php if (!empty($hasError)) { ?>
<p><? if (!empty($errorType) && $errorType == 1) { echo ‘Please enter your username.’; } ?><br /></p>
// if you had more than one type you could parse all errors here
<?php } ?>
<form method=”post” action=”processForm.php”>
<input type=”text” name=”username” value=”” /><br />
<input type=”submit” name=”submit” value=”submit” />
</form>
</body>
</html>

Page 1 (form.php) contains the form that will submit the username information to the processing php page (processForm.php) and also contains a validation using parameters got from the $_GET array. These parameters will be sent by the second page, proccessForm.php, when an error on the submission is detected.

Page 2: processForm.php

<?php
if ($_POST) {
$username = $_POST[‘username’];
if (empty($username)) {
header (‘location: form.php?error=1&errortype=1’); // this will display an error message asking the user to enter his username information on the 1st page.
}
else {
header (‘location: thanksPage.php’); // the information was correctly given, so redirect to the thanks page.
}
}
else {
header(‘location: form.php?error=1&errortype=2’); // this could show a message warning the user that a post submission is needed to process
}
?>

With the help of the $_GET array and querystring now we have much more control over the form submission with a very basic validation and at the same time making the form much more dynamic.

I have mentioned above about the $_SERVER, $_REQUEST and $_FILES and where does they come in all of this? Well the $_REQUEST is the same as the $_POST, $_GET and $_COOKIES altogether in one array. In a coding point of view is good to be using all separate since you know what is being sent and where it came from, but using the $_REQUEST is up to each developer.

The $_FILES array is used when you are posting a file through a form (file upload – remember to set the correct enctype on the form). The file will not be available on the $_POST array making the only way to access it through the $_FILES array. Within this array you can find information where it’s currently stored (the tmp file on the server), it’s real name, type, etc.

To wrap up let’s take a look on the $_SERVER array. The server array contains all the information related to the server environment, from the PHP_SELF – the script executing the php coding, to the SERVER_NAME. Check it out on the php manual page for more info or simply do a var_dump($_SERVER) to learn everything about your development server.

On the next post we will gather everything that we have learned here and place it in a small one page application (yeah multi-page is not really necessary, but make it simpler to explain) where we are going to request a username / password from a user to login.

Have fun.

Advertisements

About mcloide

Making things simpler, just check: http://www.mcloide.com View all posts by mcloide

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: