FRIHOST • FORUMS • SEARCH • FAQ • TOS • BLOGS • COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


get and post





abhishek25
Hey guys I am a newbie in PHP and programming all together. Can anyone tell me the difference between Get andPOST methods of PHP. and also which one is better and in wat advantages each of them has.
thanks for your help...
DanielXP
Code:
<form method="post" action="somepage.php">
<input name="username" />
<input name="password" />
</form>


Will post it to the page "somepage.php"
You can access the posts with

Code:
$_POST[username]
$_POST[password]


But with GET

Code:
<form method="get" action="somepage.php">
<input name="username" />
<input name="password" />
</form>


It will go to the page "somepage.php?username=&password="

So you can see the username and password in the URL

Code:
$_GET[username]
$_GET[password]


So say if you was making a login system you would not really want to use GET because other people by the computer can see your username and password.
kewiin
Yeah get is not for logins.
Cus if u login with get then the url wold look something like this. www.mysite.com/login.php?username=kewiin&password=mypass

And you dont want that?

But its great if u want to display an members page.
Then u då sometghing like this

SELECT * FROM site_users WHERE id='$_GET[id]' LIMIT 1

And then u dont have to create a new file for all the users Wink
phpc0d3r
If you're using a form to login, do not use "GET"! This is dangerous and can leave code open to hackers. Use the "POST" method and some type of sql injection function (protects your code from hackers).

If you only want to show a mysql record that doesn't require user input you can use "GET". You should still use a sql injection function.

Example:
Code:
http://www.yourwebsite.com/users/?id=1

Code:
SELECT * FROM site_users WHERE id='$_GET[id]' LIMIT 1
DanielXP
Example:

URL
Code:
http://www.yourwebsite.com/users/?id=1


If its a number you can protect from injections with (int) ... THat changes what ever into a number
Code:
$id = (int)$_GET[id];


The SQL query
Code:
SELECT * FROM `site_users` WHERE `id` = '" . $id . "' LIMIT 1
Stubru Freak
phpc0d3r wrote:
If you're using a form to login, do not use "GET"! This is dangerous and can leave code open to hackers. Use the "POST" method and some type of sql injection function (protects your code from hackers).

If you only want to show a mysql record that doesn't require user input you can use "GET". You should still use a sql injection function.

Example:
Code:
http://www.yourwebsite.com/users/?id=1

Code:
SELECT * FROM site_users WHERE id='$_GET[id]' LIMIT 1


The POST method isn't any more secure than the GET method, except that it (probably) won't be shown in the address bar.
SQL injections are just as easy to do using POST variables.
Related topics
Where should I post a request?
post nuke problem
an't install post nuke
How post picture in the forum?
Post nuke
I wont be able to post for sometime
Callout: Post your ride(s)
UT2004 U like the game? Do u have any question post here.
post the funny movie at where?
Post here for what u think the Nintendo Revolution controler
QUOTE YOUR SOURCES OR YOUR POST WILL BE REMOVED!
Programming Help & Support Guidelines
admin ,i see somebody's post points less than -10.00,but ...
POST CELEBS PICS HERE [ THE ONE YOU LIKE MOST ]
not able to post
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.