0

Question about GET and POST in PHP. i wonder what is the difference between POST and GET and when do you use them respectively? so as far from i tried, GET can also show the data in the link.

for example, the name of my link is Localhost/index.php then inside my php file is an input box and a submit button. if for example i use GET, if i click the submit button, it will take the data i put in inputbox(for example, name) and add it to the link. so the link now is Localhost/index.php/?name=Tina i think this is how GET works. but if i use POST, it will not show the input data in the link and it will remain Localhost/index.php. (atleast, from what i practice)

i wonder what are other differences between the two and when they should be use? for example im making a website(ex: sign up website) that will take information and send it to a database in MySQL..or the webpage should carry over the from this webpage to another webpage. should i use GET or POST?

Dreac Leoson
  • 9
  • 6
  • POST can be longer, there is a [limit to the QueryString](https://stackoverflow.com/questions/812925/what-is-the-maximum-possible-length-of-a-query-string) (the bit after the ? is the querystring) – RiggsFolly Jan 21 '22 at 12:35
  • You cannot send files using the querystring (GET) – RiggsFolly Jan 21 '22 at 12:36
  • 1
    At the most basic level **GET** is for get _getting_ a resource/information **POST** is for sending it. There's a bit more to it with a [RESTful API](https://mlsdev.com/blog/81-a-beginner-s-tutorial-for-understanding-restful-api) but that's the basics. – CD001 Jan 21 '22 at 12:40
  • Does this answer your question? [When should I use GET or POST method? What's the difference between them?](https://stackoverflow.com/questions/504947/when-should-i-use-get-or-post-method-whats-the-difference-between-them) – Nico Haase Jan 21 '22 at 12:53

2 Answers2

1

You are kind of overthinking it. It is as simple as: POST - used to post(send) data to the database. GET - used to get(fetch) data from the database.

So in the case of the form, what you need to do is a POST request, so you send the data to MySQL. And in order to retrieve that data, you will perform a GET request.

See this https://www.geeksforgeeks.org/http-get-post-methods-php/ for a comprehensive explanation.

kibuikaCodes
  • 124
  • 1
  • 7
1

Keeping it very short:

You never-ever should pass any sensitive information over GET method, because it's visible by logs, by your internet provider/router, third parties.. such as google analytics and more.

A common use of GET is when you allow users to change the parameters of a page they see.. i.e. search parameters or the number of products per page.

POST when you want to send information to the server "privately" and (preferably) with a nonce to make it sendable only once.

But regardless of a method - POST or GET - sanitise, sanitise, sanitise.. that is what you need to really worry about. User input should not be accepted as is when you receive it, kinda #1 rule on the internet.

Maximus Light
  • 411
  • 3
  • 9
  • What do you mean by "privately"? Your router, your provider and all other third parties are able to inspect POST requests the same way, even Google Analytics could do that (as it works in the browser and does not care which HTTP method you are using) – Nico Haase Jan 21 '22 at 12:55
  • If you use SSL your internet provider and router WILL know the pages you visit, but NOT your POST content as it will be encrypted. Without SSL - yes, all will be visible in the XHR. Third parties won't see your POST requests unless they would start tracking what you type in each form on the website, or sending a copy of user input to their server before allowing the form to continue submitting. – Maximus Light Jan 21 '22 at 13:01
  • Please add all clarification to your answer by editing it. Also, as Google Analytics works in the browser, it can inspect everything you do in that window – Nico Haase Jan 21 '22 at 13:03
  • @NicoHaase, this is not a dissertation of mine to write multiple pages who and what can see your input. This is an answer between GET and POST methods use cases. And re google analytics again, no, they don't track absolutely everything. Even if they CAN because you include their javascript library that they can add methods and functions as they wish, doesn't mean they track every input by default. You don't even need to go very far to see what your browser communicates through Javascript, just enable "Log XMLHttpRequest" in your browser. – Maximus Light Jan 21 '22 at 13:11
  • Feel free to add all clarification to your answer such that others can learn from it. Such relevant parts should not be put in the comment section – Nico Haase Jan 21 '22 at 13:25