Monday, 11 February 2013

PHP Form Validation Script: PHP GET and POST Methods


Form validation in PHP is very easy. Whenever you submit a form in PHP, you must validate the input data before storing it in the database. Basic validations you can apply to input data include trimming the form data, stripping slashes from it, handling special HTML characters, and other functional checks depending on the needs of your PHP application. Below is the PHP form validation script using the POST method.

HTML Page

<form action="validateForm.php" method="post">
Name: <input type="text" name="name">
Email: <input type="text" name="email">
<input type="submit">
</form>

PHP Script to Validate Form

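<?php
// Trim whitespace, strip slashes and escape special HTML characters.
function validateData($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

// Fall back to an empty string when a field was not submitted.
$name = validateData($_POST['name'] ?? '');
$email = validateData($_POST['email'] ?? '');
?>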
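
The script above only normalizes and escapes the input. As an added example (not code from the original post), the sketch below checks that each field is present, is a string and has the expected format, and escapes values only when they are written into HTML. The helper names field() and validateForm(), the field rules and the sample input are assumptions made for illustration.

```php
<?php
// Added example. field(), validateForm() and the field rules are assumptions.

// Return the field as a trimmed string, or null if it is missing or is not a
// string (for example name[]=x, which PHP turns into an array).
function field(array $input, string $key): ?string
{
    $value = $input[$key] ?? null;
    return is_string($value) ? trim($value) : null;
}

// Validate the form; returns [clean values, error messages].
function validateForm(array $input): array
{
    $clean = [];
    $errors = [];

    $name = field($input, 'name');
    if ($name === null || $name === '') {
        $errors['name'] = 'Name is required.';
    } elseif (!preg_match('/\A[\p{L} \'.-]{1,100}\z/u', $name)) {
        $errors['name'] = 'Name contains unexpected characters or is too long.';
    } else {
        $clean['name'] = $name;
    }

    $email = field($input, 'email');
    if ($email === null || $email === '') {
        $errors['email'] = 'Email is required.';
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Email address is not valid.';
    } else {
        $clean['email'] = $email;
    }

    return [$clean, $errors];
}

// Constructed sample input standing in for $_POST.
$samplePost = ['name' => "  O'Brien ", 'email' => 'user@example.com<script>'];
[$clean, $errors] = validateForm($samplePost);

// Escape only at the point of HTML output; store the raw validated value.
foreach ($clean as $key => $value) {
    echo $key, ': ', htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), "\n";
}
foreach ($errors as $key => $message) {
    echo $key, ' error: ', htmlspecialchars($message, ENT_QUOTES, 'UTF-8'), "\n";
}
```

With the constructed input, the name passes and is printed HTML-escaped, while the email is rejected because it fails FILTER_VALIDATE_EMAIL.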

Now let's discuss the PHP GET and POST methods in detail:

PHP GET Method

The PHP GET method sends the encoded user information appended to the page request. The page and the encoded information are separated by the ? character.


PHP Script to illustrate GET Method

<form action="index.php" method="get">
Name: <input type="text" name="name">
<input type="submit">
</form>

When the user clicks the "Submit" button, the URL sent to the server will look like this:


The index.php file can now use the $_GET variable to collect the form data (the names of the form fields will automatically be the keys in the $_GET array):

Hello <?php echo htmlspecialchars($_GET["name"] ?? '', ENT_QUOTES, 'UTF-8'); ?>

PHP provides the $_GET associative array to access all the information sent using the GET method.

Limitations of PHP GET Method:

1. When using method="get" in HTML forms, all variable names and values are displayed in the URL, so the GET method should not be used when sending passwords or other sensitive information.

2. The PHP GET method is not suitable for very large variable values. It should not be used with values exceeding 1024 characters.

3. The PHP GET method can't be used to send binary data, like images or Word documents, to the server.

Advantages of PHP GET Method:

1. Because the variables are displayed in the URL, it is possible to bookmark the page.

PHP Post Method

The POST method transfers information via HTTP headers. The information is put into a header called QUERY_STRING.

PHP Script to illustrate POST Method

<form action="index.php" method="post">
Name: <input type="text" name="name">
<input type="submit">
</form>

When the user clicks the "Submit" button, the URL sent to the server will look like this:


The index.php file can now use the $_POST variable to collect form data (the names of the form fields will automatically be the keys in the $_POST array):

Hello <?php echo htmlspecialchars($_POST["name"] ?? '', ENT_QUOTES, 'UTF-8'); ?>

Advantages of PHP POST Method

1. No limit on the amount of data sent. By default there is an 8 MB maximum size for the POST method (this can be changed by setting post_max_size in the php.ini file).

2. Variables are not visible in the URL, so one can easily send passwords and critical information using the POST method.

3. You can even post binary data using PHP Post Method.

Limitation of PHP POST Method

1. Unlike with the GET method, you cannot bookmark a specific page.

1 comment:

  1. Just a few pointers of things that are issues with this article:

    1. Validation is more than just stripping out whitespace and running htmlspecialchars on something. You need to ensure things like the contents of the variable, if it's required, etc. Your examples are a bit incomplete.

    2. Never *ever* advocate the output of a superglobal (like $_GET) without filtering it. Your "Hello " is a very bad idea. You should, at the very least, wrap that in a htmlspecialchars.

    3. "QUERY_STRING" is a value in $_SERVER, not a header (which implies HTTP header)

    4. The GET length restriction is really only a browser restriction, not a HTTP one.

    Hope these help!
