Hey guys I am a newbie in PHP and programming all together. Can anyone tell me the difference between Get andPOST methods of PHP. and also which one is better and in wat advantages each of them has.
thanks for your help...
thanks for your help...
get and post
| Code: |
| <form method="post" action="somepage.php">
<input name="username" /> <input name="password" /> </form> |
Will post it to the page "somepage.php"
You can access the posts with
| Code: |
| $_POST[username]
$_POST[password] |
But with GET
| Code: |
| <form method="get" action="somepage.php">
<input name="username" /> <input name="password" /> </form> |
It will go to the page "somepage.php?username=&password="
So you can see the username and password in the URL
| Code: |
| $_GET[username]
$_GET[password] |
So say if you was making a login system you would not really want to use GET because other people by the computer can see your username and password.
Yeah get is not for logins.
Cus if u login with get then the url wold look something like this. www.mysite.com/login.php?username=kewiin&password=mypass
And you dont want that?
But its great if u want to display an members page.
Then u då sometghing like this
SELECT * FROM site_users WHERE id='$_GET[id]' LIMIT 1
And then u dont have to create a new file for all the users
Cus if u login with get then the url wold look something like this. www.mysite.com/login.php?username=kewiin&password=mypass
And you dont want that?
But its great if u want to display an members page.
Then u då sometghing like this
SELECT * FROM site_users WHERE id='$_GET[id]' LIMIT 1
And then u dont have to create a new file for all the users
If you're using a form to login, do not use "GET"! This is dangerous and can leave code open to hackers. Use the "POST" method and some type of sql injection function (protects your code from hackers).
If you only want to show a mysql record that doesn't require user input you can use "GET". You should still use a sql injection function.
Example:
If you only want to show a mysql record that doesn't require user input you can use "GET". You should still use a sql injection function.
Example:
| Code: |
| http://www.yourwebsite.com/users/?id=1 |
| Code: |
| SELECT * FROM site_users WHERE id='$_GET[id]' LIMIT 1 |
Example:
URL
If its a number you can protect from injections with (int) ... THat changes what ever into a number
The SQL query
URL
| Code: |
| http://www.yourwebsite.com/users/?id=1 |
If its a number you can protect from injections with (int) ... THat changes what ever into a number
| Code: |
| $id = (int)$_GET[id]; |
The SQL query
| Code: |
| SELECT * FROM `site_users` WHERE `id` = '" . $id . "' LIMIT 1 |
| phpc0d3r wrote: | ||||
| If you're using a form to login, do not use "GET"! This is dangerous and can leave code open to hackers. Use the "POST" method and some type of sql injection function (protects your code from hackers).
If you only want to show a mysql record that doesn't require user input you can use "GET". You should still use a sql injection function. Example:
|
The POST method isn't any more secure than the GET method, except that it (probably) won't be shown in the address bar.
SQL injections are just as easy to do using POST variables.
 |