PHP Superglobal – $_GET

HTML Forms and PHP Processing|Learn Form Handling, GET Method, and Security Practices

Introduction:
Welcome to our comprehensive lesson on HTML forms and PHP processing! In this tutorial, we will delve into the fundamentals of creating HTML forms, understand how data is submitted through the GET method, and explore essential security practices in PHP form handling. Whether you are a beginner or seeking to enhance your web development skills, this lesson is designed to provide you with a solid foundation in handling form data effectively.

PHP, $_GET is a superglobal variable:

• In PHP, $_GET is a superglobal variable that is used to collect form data after submitting an HTML form with the HTTP GET method.
• It is an associative array that stores data sent to the script via URL parameters.
• When a submits a form with the GET method, the form data is appended to the URL in the form of key-value pairs.

For example, if you have a form with an input field named “name,” and a submits the form with the value “Omar” for the name field, the URL might look like this:

http://example.com/script.php?name=Omar
In this case, you can use $_GET to retrieve the value of the “name” parameter in your PHP script:

<?php
// Retrieve the value of the "name" parameter from the URL
$name = $_GET['name'];

// Use the value as needed
echo "Hello, $name!";
?>

Remember 

• It’s important to note that values retrieved from $_GET are not automatically sanitized, so you should validate and sanitize input to prevent security vulnerabilities like SQL injection or cross-site scripting (XSS) attacks.
• Additionally, be aware that using $_GET makes the data visible in the URL, so sensitive information should not be transmitted using this method.
• Instead, for sensitive data or data that should not be visible in the URL, you should use the POST method.

complete example in html with explanation

• Let’s create a simple HTML form that uses the GET method to submit data to a PHP script.
• We’ll create two files: index.html (containing the HTML form) and script.php (the PHP script that processes the form data).

index.html:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>GET Form Example</title>
</head>
<body>

<h2>GET Form Example</h2>

<form action="script.php" method="get">
<label for="name">name:</label>
<input type="text" id="name" name="name" required>
<br>
<label for="email">Email:</label>
<input type="email" id="email" name="email" required>
<br>
<input type="submit" value="Submit">
</form>

</body>
</html>

In this HTML file:

The <form> element has an action attribute pointing to “script.php” and a method attribute set to “get”.
Two input fields for “name” and “email” are included with their respective labels.
When the form is submitted, the data will be sent as URL parameters using the GET method.

script.php:

<?php
// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "GET") {

// Retrieve and sanitize the values from the URL parameters
$name = isset($_GET['name']) ? htmlspecialchars($_GET['name']) : "";
$email = isset($_GET['email']) ? htmlspecialchars($_GET['email']) : "";

// Display the submitted data
echo "<h2>Submitted Data:</h2>";
echo "<p>name: $name</p>";
echo "<p>Email: $email</p>";
}
?>

In this PHP script:

• It checks if the form is submitted using $_SERVER[“REQUEST_METHOD”].
• It retrieves the values of “name” and “email” from $_GET.
• It uses htmlspecialchars to sanitize the values and prevent potential XSS attacks.
• It then displays the submitted data.
  When you open index.html in a web browser, you can fill out the form and submit it. The data will be sent to script.php via the GET method, and the PHP script will display the submitted information.

The ways to send variables via the HTTP GET method:

There are two main ways to send variables via the HTTP GET method: through URL parameters and through the request body using AJAX.

Sending data by URL Parameters:

When you submit a form with the GET method, the form data is appended to the URL as key-value pairs.

This is the traditional and most common way of sending variables using GET.

For example:

http://example.com/script.php?name=×Omar&age=20
In PHP, you can then retrieve these values using the $_GET superglobal, as mentioned earlier.

<?php
$name = $_GET['name'];
$age = $_GET['age'];
echo "name: $name, Age: $age";
?>

sending data by AJAX (Asynchronous JavaScript and XML):

• Another way to send variables via GET is by using JavaScript and AJAX.
• With AJAX, you can make an asynchronous request to a server-side script and send data without reloading the entire page.
• The data is sent in the request URL similar to traditional GET requests.

Here’s a simple example using JavaScript and the Fetch API:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>AJAX GET Example</title>
</head>
<body>

<h2>AJAX GET Example</h2>

<button onclick="sendData()">Send Data via AJAX</button>

<script>
function sendData() {
var name = "john";
var age = 25;

// Construct the URL with parameters
var url = `script.php?name=${name}&age=${age}`;

// Make a GET request using Fetch API
fetch(url)
.then(response => response.text())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));
}
</script>

</body>
</html>

• In this example, the sendData function constructs a URL with parameters and uses the Fetch API to make a GET request to script.php.
• The server-side script (script.php) can then retrieve these values in a similar way as with traditional form submissions.

Both methods have their use cases, and the choice between them depends on the specific requirements of your application. Traditional URL parameters are suitable for form submissions and simple data, while AJAX is often used for more dynamic and interactive applications that require data retrieval without a page reload.

Query string in the URL

• A query string is a part of a URL (Uniform Resource Locator) that contains data to be sent to the server as parameters.
• It starts with a question mark (?) and is followed by key-value pairs separated by ampersands (&).

The general format is:

http://example.com/path/to/resource?name1=value1&name2=value2&…

Here’s a breakdown of the components:

http://example.com/path/to/resource:

• This is the base URL or the path to the resource on the server.
• ?: The question mark indicates the beginning of the query string.

name1=value1&name2=value2:

• These are the key-value pairs separated by ampersands.
• Each pair represents a parameter, where name is the parameter name, and value is its corresponding value.

For example:

http://example.com/search?query=php&category=web-development

In this URL:

Base URL:http://example.com/search

Query string: ?query=php&category=web-development
Parameters: query with a value of php, and category with a value of web-development.
In PHP, you can access and retrieve the values of these parameters using the $_GET superglobal array.

For the above example, you could do something like this:

<?php
$query = $_GET['query'];
$category = $_GET['category'];

echo "Search query: $query, Category: $category";
?>

This allows you to dynamically pass information to a server-side script, which can then use that information to generate dynamic content, perform searches, or carry out other actions based on the provided parameters.

complete example:HTML page that includes a form with input fields

• Let’s create a simple HTML page that includes a form with input fields.
• The form data will be sent to a PHP script through the GET method, and the PHP script will process and display the received parameters.

index.html:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Query String Example</title>
</head>
<body>

<h2>Query String Example</h2>

<form action="process.php" method="get">
<label for="name">Name:</label>
<input type="text" id="name" name="name" required>
<br>
<label for="age">Age:</label>
<input type="number" id="age" name="age" required>
<br>
<input type="submit" value="Submit">
</form>

</body>
</html>

In this HTML file:

• The <form> element has an action attribute pointing to “process.php” and a method attribute set to “get”.
• Two input fields for “name” and “age” are included with their respective labels.
• When the form is submitted, the data will be sent as URL parameters using the GET method.

process.php:

<?php
// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "GET") {

// Retrieve and sanitize the values from the URL parameters
$name = isset($_GET['name']) ? htmlspecialchars($_GET['name']) : "";
$age = isset($_GET['age']) ? intval($_GET['age']) : 0;

// Display the submitted data
echo "<h2>Submitted Data:</h2>";
echo "<p>Name: $name</p>";
echo "<p>Age: $age</p>";
}
?>

In this PHP script:

• It checks if the form is submitted using $_SERVER[“REQUEST_METHOD”].
• It retrieves the values of “name” and “age” from $_GET.
• It uses htmlspecialchars to sanitize the name and intval to convert the age to an integer.
  It then displays the submitted data.

When you open index.html in a web browser, you can fill out the form and submit it. The data will be sent to process.php via the GET method, and the PHP script will display the submitted information.

An application :a simple application that includes an HTML form and a PHP script

let’s create a simple application that includes an HTML form and a PHP script to process the form data. This example will use the GET method to pass parameters from the HTML form to the PHP script.

index.html:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>PHP Form Processing</title>
</head>
<body>

<h2>PHP Form Processing</h2>

<form action="process.php" method="get">
<label for="name">Name:</label>
<input type="text" id="name" name="name" required>
<br>
<label for="age">Age:</label>
<input type="number" id="age" name="age" required>
<br>
<input type="submit" value="Submit">
</form>

</body>
</html>

process.php:

<?php
// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "GET") {

// Retrieve and sanitize the values from the URL parameters
$name = isset($_GET['name']) ? htmlspecialchars($_GET['name']) : "";
$age = isset($_GET['age']) ? intval($_GET['age']) : 0;

// Display the submitted data
echo "<h2>Submitted Data:</h2>";
echo "<p>Name: $name</p>";
echo "<p>Age: $age</p>";
}
?>

Explanation:

HTML Form (index.html):

• The HTML form is created with two input fields for “Name” and “Age.”
• The form has the attribute action=”process.php”, specifying that form data will be sent to the process.php script when the form is submitted.
• The method is set to “get,” which means the form data will be appended to the URL as parameters.

PHP Script (process.php):

• The PHP script (process.php) checks if the form is submitted using $_SERVER[“REQUEST_METHOD”].
• It retrieves the values of “name” and “age” from $_GET.
• It uses htmlspecialchars to sanitize the name and intval to convert the age to an integer.
• Finally, it displays the submitted data.

When you open index.html in a web browser, you can fill out the form and submit it. The data will be sent to process.php via the GET method, and the PHP script will display the submitted information. This example demonstrates a basic form submission and processing using HTML and PHP.

Quiz about HTML and PHP form handling:15 questions 

Below is a quiz with 15 questions related to the concepts discussed in the lesson. Each question is followed by an explanation.

Please note that this quiz assumes basic knowledge of HTML and PHP form handling.

1-What does the action attribute in an HTML form specify?

A) The method used to submit the form.
B) The server-side script that will process the form data.
C) The encoding type for form data.

2-Which HTTP method is commonly used for submitting form data via the URL?

A) POST
B) GET
C) PUT

3-How are parameters typically passed in a URL using the GET method?

A) In the request headers
B) In the request body
C) As key-value pairs in the query string

4-In PHP, how do you retrieve data sent via the GET method from a form?

A) $_POST
B) $_REQUEST
C) $_GET

5-What is the purpose of the htmlspecialchars function when handling form data in PHP?

A) To convert HTML special characters to their respective entities.
B) To decode HTML entities.
C) To remove HTML tags from the input.

6-In the context of HTML forms, what does the method attribute define?

A) The encoding type for form data.
B) The scripting language used for form validation.
C) The HTTP method used to submit the form.

7-Which of the following is true about the $_GET superglobal in PHP?

A) It contains data sent via the POST method.
B) It contains data sent via the GET method.
C) It is used for session management.

8-Why is it important to sanitize input when processing form data in PHP?

A) To make the code look cleaner.
B) To prevent security vulnerabilities like SQL injection or XSS attacks.
C) To improve the performance of the PHP script.

9-Which PHP function is used to convert a string to an integer?

A) intval
B) strval
C) floatval

10-In an HTML form, what does the required attribute do?

A) It specifies that the form is mandatory.
B) It ensures that the form cannot be submitted without filling in the associated field.
C) It sets a default value for the input field.

11-What does the $_SERVER[“REQUEST_METHOD”] check in a PHP script determine?

A) The server’s request method.
B) Whether the form was submitted using the GET or POST method.
C) The server’s response method.

12-Which JavaScript API is commonly used for making asynchronous requests to a server?

A) DOM
B) Fetch API
C) jQuery

13-In the context of form submissions, what does XSS stand for?

A) Extended Style Sheet
B) Cross-Site Scripting
C) XML Stylesheet

14-What is the primary difference between the GET and POST methods in form submissions?

A) GET is used for secure data, while POST is used for non-secure data.
B) GET appends data to the URL, while POST sends data in the request body.
C) GET is suitable for large data, while POST is suitable for small data.

15-When creating a form that handles sensitive information, which HTTP method is recommended to use for submitting the form data?

A) GET
B) POST
C) PUT

Explanation:

1-B – The action attribute in an HTML form specifies the server-side script that will process the form data.

2-B – The GET method is commonly used for submitting form data via the URL.

3-C – Parameters are typically passed in a URL using the GET method as key-value pairs in the query string.

4-C – In PHP, you retrieve data sent via the GET method from a form using $_GET.

5-A – The htmlspecialchars function in PHP is used to convert HTML special characters to their respective entities, preventing XSS attacks.

6-C – The method attribute in HTML forms defines the HTTP method used to submit the form.

7-B – $_GET in PHP contains data sent via the GET method.

8-B – Sanitizing input in PHP is important to prevent security vulnerabilities like SQL injection or XSS attacks.

9-A – The intval function in PHP is used to convert a string to an integer.

10-B – The required attribute in an HTML form ensures that the form cannot be submitted without filling in the associated field.

11-B – The $_SERVER[“REQUEST_METHOD”] check in a PHP script determines whether the form was submitted using the GET or POST method.

12-B – The Fetch API is commonly used for making asynchronous requests to a server in JavaScript.

13-B – In the context of form submissions, XSS stands for Cross-Site Scripting.

14-B – The primary difference between the GET and POST methods is that GET appends data to the URL, while POST sends data in the request body.

15-B – When handling sensitive information, the POST method is recommended for submitting form data.