Skip to main content
PHP for Beginners
CHAPTER 13 Beginner

PHP GET and POST Methods

Updated: May 12, 2026
20 min read

# Chapter 13: PHP GET and POST Methods

1. Introduction

Welcome to Chapter 13! In the previous chapter, we used method="POST" to send our contact form data securely to the server. But forms can also use method="GET". These two HTTP methods dictate how data is packaged and sent from the browser to your PHP application. Choosing the wrong method can result in massive security flaws or broken website functionality. In this chapter, we will master the difference between GET and POST, learn how to use URL parameters, and build a functioning search system.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Explain the technical differences between GET and POST requests.
  • Retrieve data from the URL using the $_GET superglobal array.
  • Understand when it is appropriate to use GET (Searching/Filtering).
  • Understand when it is mandatory to use POST (Logins, Databases).
  • Pass variables between pages using URL Query Strings.

3. The POST Method (Review)

When a form uses method="POST", the browser packages the data into the HTTP request "body".
  • The data is invisible to the user.
  • It does not appear in the URL.
  • There is no size limit (you can upload 50MB video files).
  • Used for sensitive data (passwords) and actions that change data on the server (creating an account, updating a profile).

4. The GET Method

When a form uses method="GET", the browser takes the form data and appends it directly to the URL in the address bar. This is called a Query String.
html
1234 
<form action="search.php" method="GET">
    <input type="text" name="query">
    <button type="submit">Search</button>
</form>

If the user types laptop and clicks submit, the browser redirects to: search.php?query=laptop

5. Capturing GET Data

Inside search.php, you use the $_GET array to capture the data from the URL.
php
1234567 
<?php
// Check if the 'query' parameter exists in the URL
if (isset($_GET[&#039;query'])) {
    $search_term = htmlspecialchars($_GET[&#039;query']);
    echo "You searched for: " . $search_term;
}
?>

6. URL Parameters (Query Strings)

You don't even need a form to use GET data! You can create standard HTML links that pass data to the next page. A query string starts with a ?. Multiple variables are separated by an &.

profile.php?user_id=45&theme=dark

php
1234567 
<?php
// profile.php
$id = $_GET[&#039;user_id'];
$theme = $_GET[&#039;theme'];

echo "Viewing user $id in $theme mode.";
?>

7. Real-World Examples

When to use GET:
  • Search bars (Users can bookmark the search results page: amazon.com/search?q=shoes).
  • Filtering products (shop.php?category=shirts&size=L).
  • Pagination (blog.php?page=3).

When to use POST:

  • Login forms (You NEVER want login.php?password=mySecret showing in browser history!).
  • Checkout systems (Processing credit cards).
  • Uploading profile pictures.

8. Output Explanations

When clicking a link like <a href="delete.php?id=10">Delete</a>, the browser requests delete.php. PHP sees ?id=10 in the URL, creates $GET['id'] with the value 10. However, using a GET link to *delete* data is a terrible practice. A web crawler (like Googlebot) following links on your site might accidentally click all your delete links! Deletions should always be POST requests.

9. Common Mistakes

  • Passwords in GET: Creating a login form with method="GET". The user's password will be saved in plain text in their browser history and server logs.
  • Assuming GET data is safe: Data in the URL can be edited by ANYONE manually typing in the address bar. Always validate and htmlspecialchars() GET data just like POST data.
  • Undefined Array Keys: Echoing $GET['id'] when the user visited the page normally without clicking a link (so ?id= is not in the URL). Always use isset($_GET['id']) first.

10. Best Practices

  • Rule of Thumb: If the request just *retrieves* information (search, read), use GET. If the request *changes* information (create, update, delete), use POST.
  • If using GET for database queries, you must use Prepared Statements to prevent SQL injection (we will learn this later).

11. Exercises

  1. 1. Create a link <a href="welcome.php?name=YourName">Click Me</a>.
  1. 2. On welcome.php, write a PHP script that checks if name is set in the URL, and if so, echoes a welcome message.

12. Mini Project: Search Form System

Task: Build a single-page fake product database. Let the user search for a product using a GET form, and display the result based on the URL query.
php
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 
<?php
// Fake database of products
$inventory = ["Laptop", "Mouse", "Keyboard", "Monitor", "Headphones"];
$search_results = [];

// Check if a search was performed
if (isset($_GET[&#039;query']) && !empty($_GET['query'])) {
    $search_term = htmlspecialchars(strtolower($_GET[&#039;query']));

    // Loop through inventory to find matches
    foreach ($inventory as $item) {
        if (strpos(strtolower($item), $search_term) !== false) {
            $search_results[] = $item; // Add to results array
        }
    }
}
?>

<!DOCTYPE html>
<html>
<body>
    <h2>Product Search</h2>
    
    <!-- GET Form -->
    <form action="" method="GET">
        <input type="text" name="query" placeholder="Search products..." 
               value="<?php echo isset($_GET[&#039;query']) ? htmlspecialchars($_GET['query']) : ''; ?>">
        <button type="submit">Search</button>
    </form>

    <hr>

    <?php
    // Display Results
    if (isset($_GET[&#039;query'])) {
        echo "<h3>Results for: " . htmlspecialchars($_GET[&#039;query']) . "</h3>";
        
        if (count($search_results) > 0) {
            echo "<ul>";
            foreach ($search_results as $result) {
                echo "<li>$result</li>";
            }
            echo "</ul>";
        } else {
            echo "<p>No products found.</p>";
        }
    }
    ?>
</body>
</html>

13. Coding Challenges

Challenge 1: Create an HTML list of three categories: Electronics, Clothing, Books. Make each list item a hyperlink pointing to category.php?cat=Name. On category.php, securely echo "You are viewing the [Name] category."

14. MCQs with Answers

1. Which HTTP method appends form data to the URL? A) POST B) GET C) PUSH D) APPEND *Answer: B*

2. Why must sensitive data (like passwords) be sent via POST? A) POST is encrypted by default. B) GET is slower than POST. C) GET appends data to the URL, meaning passwords would be visible on screen, in browser history, and server logs. D) PHP cannot read passwords sent via GET. *Answer: C*

3. What symbol starts a query string in a URL? A) & B) # C) ? D) = *Answer: C*

15. Interview Questions

Q: Explain the primary differences between GET and POST. *A:* GET sends data in the URL, has a size limit, is bookmarkable, and is meant for retrieving data without changing server state. POST sends data in the invisible HTTP body, has no size limit, cannot be bookmarked, and is meant for sensitive data or actions that modify server state (like database updates).

Q: Why shouldn't you use GET requests to delete data? *A:* Because GET requests are meant to be "safe" and idempotent (meaning calling them multiple times doesn't change the result). If you have a link <a href="delete.php?id=5">, search engine crawlers or browser pre-fetching tools might automatically "visit" that link, accidentally deleting data from your database. Deletions must use POST requests requiring active user submission.

16. FAQs

Q: Can I use both GET and POST on the same page? *A:* Yes! A page can have a search bar (using GET) at the top, and a newsletter signup form (using POST) at the bottom.

17. Summary

You are now fluent in HTTP data transmission! You know that POST is the secure, heavy lifter for private data and state changes, while GET is the lightweight, shareable method perfect for searches, filters, and page navigation. You successfully built dynamic links and a functioning search engine.

18. Next Chapter Recommendation

So far, data disappears when the user refreshes or closes the page. To build real apps, data must be permanent. In Chapter 14: PHP File Handling, we will take our first step into permanent storage by learning how to read, write, and create files directly on the server's hard drive!

Finish this Chapter

Save your progress on your learning path and prepare for coding interview challenges.

Previous Chapter PHP Forms Handling
Next Chapter PHP File Handling

Discussion

Join the discussion

Log in or create a free account to participate.

Sort: ·

Explore More

📖 Related Tutorials 6

Related Quizzes 6

🎥 Related Videos 1