I am new to PHP programming and don't know much in detail about _SERVER. Can the _SERVER associative array be used in a PHP program to access data submitted from HTML forms through the POST method?
0
-
$_SERVER only contains the QUERY_STRING, which is used for GET parameters. Please reread the according [manual section on PHP's superglobals](http://php.net/manual/en/language.variables.superglobals.php). – mario Jul 14 '12 at 00:19
-
3 [`$_SERVER`](http://www.php.net/reserved.variables.server.php) contains information about the server and HTTP request. If the form was a GET request (via query string), that info is available in `$_SERVER`, but otherwise posted form data comes in `$_POST`. – Michael Berkowski Jul 14 '12 at 00:20
2 Answers
1
Nope, you want $_POST for that.
$_POST gets you post data
$_GET gets you get data
$_REQUEST gets you get, post, and cookies

Brian Adkins
0
When you submit a form, you can use $_SERVER[] to get information from the server such as the user's IP address. You would use this once the form has been submitted. You would use $_POST[] to ensure the form is submitted and collect the data/variables from the form that has been submitted. For example:
```php
if (isset($_POST['submit'])) {
    $fname = $_POST['fname']; // <input type="text" name="fname" />
    $ip = $_SERVER['REMOTE_ADDR'];
    mysql_query("INSERT INTO ... using variables $fname and $ip...") or die("Error: " . mysql_error());
    header("location:?e=1"); // where you would use $_GET[] to tell the page an error message needs to be shown on screen.
    exit;
}
```

Oliver Tappin
-
1 Any sites you worked on are in grave danger after seeing this code... Whatever you do: NEVER trust the network – Elias Van Ootegem Jul 14 '12 at 00:38
-
Care to elaborate? If I'm doing something horribly wrong, I'd rather fix it sooner rather than later! – Oliver Tappin Jul 14 '12 at 01:22
-
Check this out: http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php – Brian Adkins Jul 15 '12 at 03:03
-
As the link provided by Brian Adkins shows, using raw user input is about as dangerous as it gets in terms of injection and other exploits/hacks. There's a wide array of tools and techniques to ensure no malicious code is executed. Using a PDO instance is easily implemented and is way more secure than what you're doing here – Elias Van Ootegem Jul 15 '12 at 09:38
-
Oh, if you're talking about SQL injection, yes of course - I understand that, I didn't think adding it within this example would be necessary. – Oliver Tappin Jul 16 '12 at 14:56
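
The parameterized approach the comments above point to, as an added example that is not part of the original posts: form data is read from `$_POST`, the client address from `$_SERVER`, and both are bound through a PDO prepared statement. The `saveSubmission` helper, the `submissions` table, the in-memory SQLite database and the sample request values are assumptions made so the script runs on its own from the command line.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: stores one form submission using bound parameters.
function saveSubmission(PDO $db, array $post, array $server): int
{
    // Form fields arrive in $_POST; request metadata such as the client address is in $_SERVER.
    $fname = trim((string)($post['fname'] ?? ''));
    if ($fname === '' || strlen($fname) > 100) {
        throw new InvalidArgumentException('fname is required (max 100 bytes)');
    }
    // REMOTE_ADDR is set by the web server, but validate it before storing anyway.
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
    if ($ip === false) {
        throw new InvalidArgumentException('invalid client address');
    }
    // Placeholders keep the values out of the SQL text, so they are never parsed as SQL.
    $stmt = $db->prepare('INSERT INTO submissions (fname, ip) VALUES (:fname, :ip)');
    $stmt->execute([':fname' => $fname, ':ip' => $ip]);
    return (int)$db->lastInsertId();
}

// In-memory SQLite stands in for the real database (assumption, so this runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE submissions (id INTEGER PRIMARY KEY, fname TEXT NOT NULL, ip TEXT NOT NULL)');

// Constructed sample requests; under a web server these would be the real $_POST and $_SERVER.
$samples = [
    ['fname' => 'Alice'],
    ['fname' => "O'Neil'); --"],   // constructed input with SQL metacharacters, stored as plain text
];
$server = ['REMOTE_ADDR' => '203.0.113.7', 'REQUEST_METHOD' => 'POST'];

foreach ($samples as $post) {
    $id = saveSubmission($db, $post, $server);
    echo "stored row $id\n";
}

// Both values come back exactly as submitted.
foreach ($db->query('SELECT id, fname, ip FROM submissions') as $row) {
    printf("%d | %s | %s\n", $row['id'], $row['fname'], $row['ip']);
}
```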