Just wanted to add a note:
For beginners, it is wise to use the "GET" method in forms because you can see what is being sent between the server and the web browser.
For example, in the example above, if you change
<form action="action.php" method="post">
to <form action="action.php" method="get">
you would get something like...
http://www.myserver.com/action.php?name=A&age=B
in your web browser.
However, a good idea is to always change the "GET" to a "POST" because the user of the browser cannot change the contents of the information being sent from the form to the webserver.
In the example given above,
<form action="action.php" method="post">
Would just have,
http://www.myserver.com/action.php
As you can see, no information is visible to the user of the browser.
In other words, _GET and _POST, has a lot of advantage over one another. I personally use "POST" in everything so that the user of the page cannot "spam" it by continually sending information with GET.
Simply put, with "GET" the user can physically change the values that the server gets, whereas with the "POST" method, the user will have a hard time changing the information sent to the server.
For example, if you have a user login service, you definitely want to submit the form by a "POST" so that if someone wants to "change" the account to something like admin, then he would have a hard time doing so because he cannot directly change the information on the browser URL line and then simply send it like that everytime.
处理表单
PHP 一个很有用的特点体现在它处理 PHP 表单的方式。需要理解的非常重要的原理,是表单的任何元素都在 PHP 脚本中自动生效。请参阅本手册中“PHP 的外部变量”以获取关于在 PHP 中使用表单的详细信息及范例。以下是 HTML 表单的范例:
该表单中并没有什么特殊的地方,其中没有使用任何特殊的标识符。当用户填写了该表单并点击了提交按钮,页面 action.php 将被调用。在该文件中,可以加入如下内容:
该脚本进行的工作应该已经很明显了,这儿并没有其它更复杂的内容。PHP 将自动设置 $_POST['name'] 和 $_POST['age'] 变量。在这之前我们使用了自动全局变量 $_SERVER,现在我们引入了自动全局变量 $_POST,它包含了所有的 POST 数据。请注意我们的表单提交数据的方法(method)。如果使用了 GET 方法,那么表单中的信息将被储存到自动全局变量 $_GET 中。如果并不关心请求数据的来源,也可以用自动全局变量 $_REQUEST,它包含了所有 GET、POST、COOKIE 和 FILE 的数据。请参阅 import_request_variables() 函数。
也可以在 PHP 中处理 XForms 的输入,尽管可能更喜欢使用长久以来支持良好的 HTML 表单。XForms 目前还不适合初学者使用,但是用户可能对它感兴趣。手册中在“特点”一章有一节对如何处理从 XForum 接收到的数据进行了简短的介绍。
add a note
User Contributed Notes
Joe
29-May-2006 06:52
29-May-2006 06:52
David
23-May-2006 12:20
23-May-2006 12:20
Grant Floyd's suggestion (in a two-year-old comment) to use HTTP GET for destructive actions like deleting users is an extremely dangerous one. It's a basic rule of the Web that HTTP GET should *never* do anything destructive -- any web agent that prefetches URLs for caching, etc., could end up deleting all of your users by following the links in the document.
yasman at phplatvia dot lv
05-May-2005 03:18
05-May-2005 03:18
[Editor's Note: Since "." is not legal variable name PHP will translate the dot to underscore, i.e. "name.x" will become "name_x"]
Be careful, when using and processing forms which contains
<input type="image">
tag. Do not use in your scripts this elements attributes `name` and `value`, because MSIE and Opera do not send them to server.
Both are sending `name.x` and `name.y` coordiante variables to a server, so better use them.
grant_floyd at yahoo dot not dot yohoo dot com
22-Apr-2004 12:54
22-Apr-2004 12:54
Refering to the GET/POST usage in the HTML specification mentioned:
Although GET will normally be used for requesting information from a webserver the length of the URL is limited to a maximum number of characters. So if you have a form which submits lots of information and text selections you will have to use a POST.
Likewise, sometimes it doesn't make any sense to create a form with a POST method to do something to the server.
For example, if you have a website with a list of users and you want to select one of them to delete, each username could be a 'Delete user' link. It is easier to create a link called /website/deleteuser.php?id=<userid> for each, where deleteuser.php contains the (pseudocode):
$sql = "DELETE FROM usertable WHERE id = " . (int) $_GET['id'];
Finally, $_REQUEST is the simplest default retrieval method as it combines GET, POST and COOKIE information. One thing to be aware of is that it combines the information in an order of precedence defined by the server.
For example, if a website has a cookie with $username and you make up a POST form and use a variable '$username' you may get the $_POST['username'] value instead of the $_COOKIE['username'], causing you some confusion.
The order is defined on the server as 'variables_order'. This set the order of the EGPCS (Environment, GET, POST, Cookie, Server) variable parsing. The default setting of this directive is "EGPCS". So in the above example 'P' for POST comes before 'C' for COOKIE.
sethg at ropine dot com
02-Dec-2003 04:55
02-Dec-2003 04:55
According to the HTTP specification, you should use the POST method when you're using the form to change the state of something on the server end. For example, if a page has a form to allow users to add their own comments, like this page here, the form should use POST. If you click "Reload" or "Refresh" on a page that you reached through a POST, it's almost always an error -- you shouldn't be posting the same comment twice -- which is why these pages aren't bookmarked or cached.
You should use the GET method when your form is, well, getting something off the server and not actually changing anything. For example, the form for a search engine should use GET, since searching a Web site should not be changing anything that the client might care about, and bookmarking or caching the results of a search-engine query is just as useful as bookmarking or caching a static HTML page.