How to avoid using $_GET to extract data from the URL

Question

I am currently working on a form that requires few fields to be filled by the user and few based on the selection made by the user on the previous page. The URL looks like below:

http://localhost:8080/series/dynamics/admin/cleanURL/post.php?subgroup=redapple&adverid=254427035

where redapple is the $_GET variable. However what I wd like the url to look like is ;

http://localhost:8080/series/dynamics/admin/cleanURL/post.php?adverid=254427035

i.e. no info about subgroup selection in the url. But still would like to have the subgroup field to be filled with the choice made by user.

My php looks like this:

    <?php require('../config/connection.php'); 

              if(isset($_POST['variable'])){
                $values = mysqli_real_escape_string($dbc, $_POST['variable']);
                $query = "SELECT * FROM prdct_categories WHERE product = '$values'";
                $result = mysqli_query($dbc, $query);
                $rand = rand(0, 1000000);
                $html = '<ul>';
                while($row = mysqli_fetch_assoc($result)){
                $clickable_url = 'post.php?subgroup='.$row['subgroup'].'&advertid='.$rand;
                $html .= '<li class="nav">';
                $html .= '<a href="'. $clickable_url .'">'.$row['subgroup'].'</a>';
                $html .= '</li>';
                } 
                $html .='<ul/>';
                echo $html;

                mysqli_close($dbc);
                }

Show us your form, please. – random_user_name May 10 '16 at 13:38 — random_user_name, May 10 '16 at 13:38

score 1 · Answer 1 · answered May 10 '16 at 14:19

If you don't want to pass information in the URLs then you'll need to use a Cookie or Session. Post the form to a page that gathers the posted data and then set a session or cookie before redirecting the user to the correct page.

http://php.net/manual/en/features.cookies.php

Or

http://php.net/manual/en/features.sessions.php

Alexander Kleinhans · Answer 2 · 2016-05-10T15:32:34.680

You can also use a POST request, for example, if I made a form like:

<form action="form_url.php" method="get">
  First name: <input type="text" name="fname"><br>
  Last name: <input type="text" name="lname"><br>
  <input type="submit" value="Submit">
</form>

In form_url.php, I could access the variables like so:

<?php
    var_dump($_POST);

The benefit of using POST over GET is that in can be encrypted over SSL whereas all parameters inside a GET request are encoded and visible in the URL. Also, since the URL can only be 265 characters max, that's also the limit of the data size.

If you want to upload something such as an image, you'll want to use a file input in a form field (like the one above) so that data can be sent over a file-stream instead of a url.

EDIT:

If you want another way to just get the url data, you don't have to use get. The full URL can be given by:

<?php
    var_dump($_SERVER['HTTP_HOST']);
    var_dump($_SERVER['REQUEST_URI']);

Although the REQUEST_URI is probably what you want. Note that any data passed through here can also be obtained from GET, but you don't have to use GET to get the data. You would then want to parse the URL with something like:

<?php
    var_dump(explode('\', $_SERVER['REQUEST_URI']));

See my edit. You can also get URL info from `$_SERVER['REQUEST_URI']`. — Alexander Kleinhans, May 10 '16 at 15:32

How to avoid using $_GET to extract data from the URL

2 Answers2