What's the difference between $_POST, $_GET, and $_REQUEST?
$_POST is an associative array of variables passed to the current script via the HTTP POST method when using application/x-www-form-urlencoded or multipart/form-data as the HTTP Content-Type in the request.
You can use when you are sending large data to server or if you have sensitive information like passwords, credit card details etc
$_GET is an associative array of variables passed to the current script via the URL parameters. you can use when there is small amount of data, it is mostly used in pagination, page number is shown in the url and you can easily get the page number from URL using $_GET
$_REQUEST is a 'superglobal' or automatic global, variable. This simply means that it is available in all scopes throughout a script. It is an associative array that by default contains the contents of $_GET, $_POST and $_REQUEST (depending on request_order=
)
What is the difference between POST and GET?
GET
and POST
are two different types of HTTP requests.
According to Wikipedia:
GET requests a representation of the specified resource. Note that GET should not be used for operations that cause side-effects, such as using it for taking actions in web applications. One reason for this is that GET may be used arbitrarily by robots or crawlers, which should not need to consider the side effects that a request should cause.
and
POST submits data to be processed (e.g., from an HTML form) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both.
So essentially GET
is used to retrieve remote data, and POST
is used to insert/update remote data.
HTTP/1.1 specification (RFC 2616) section 9 Method Definitions contains more information on
GET
and POST
as well as the other HTTP methods, if you are interested.In addition to explaining the intended uses of each method, the spec also provides at least one practical reason for why GET
should only be used to retrieve data:
Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data, because this will cause this data to be encoded in the Request-URI. Many existing servers, proxies, and user agents will log the request URI in some place where it might be visible to third parties. Servers can use POST-based form submission instead
Finally, an important consideration when using
GET
for AJAX requests is that some browsers - IE in particular - will cache the results of a GET
request. So if you, for example, poll using the same GET
request you will always get back the same results, even if the data you are querying is being updated server-side. One way to alleviate this problem is to make the URL unique for each request by appending a timestamp. Among $_REQUEST, $_GET and $_POST which one is the fastest?
$_REQUEST
, by default, contains the contents of $_GET
, $_POST
and $_COOKIE
.
But it's only a default, which depends on variables_order
; and not sure you want to work with cookies.
If I had to choose, I would probably not use $_REQUEST
, and I would choose $_GET
or $_POST
-- depending on what my application should do (i.e. one or the other, but not both) : generally speaking :
- You should use
$_GET
when someone is requesting data from your application. - And you should use
$_POST
when someone is pushing (inserting or updating ; or deleting) data to your application.
Either way, there will not be much of a difference about performances : the difference will be negligible, compared to what the rest of your script will do.
When should I use GET or POST method? What's the difference between them?
It's not a matter of security. The HTTP protocol defines GET-type requests as being idempotent, while POSTs may have side effects. In plain English, that means that GET is used for viewing something, without changing it, while POST is used for changing something. For example, a search page should use GET, while a form that changes your password should use POST.
Also, note that PHP confuses the concepts a bit. A POST request gets input from the query string and through the request body. A GET request just gets input from the query string. So a POST request is a superset of a GET request; you can use $_GET
in a POST request, and it may even make sense to have parameters with the same name in $_POST
and $_GET
that mean different things.
For example, let's say you have a form for editing an article. The article-id may be in the query string (and, so, available through $_GET['id']
), but let's say that you want to change the article-id. The new id may then be present in the request body ($_POST['id']
). OK, perhaps that's not the best example, but I hope it illustrates the difference between the two.
What is the meaning of a POST request also has $_GET parameters
Perhaps the simplest way to understand this is that $_GET
is simply badly named. All it actually represents is the values of "query string" parameters parsed from the part of a URL after a ?
. Since every request has a URL, whatever type it is, any request can populate $_GET
.
$_POST
, on the other hand, is populated only for POST requests, and even then only those whose request body is in a particular format.
When you use method=get
in HTML, the browser just creates a URL based on the form data, and asks for that URL with a GET request the same as you typing it into the address bar. With method=post
, the form data is sent separately from the URL, but the URL might still contain a ?
and a query string.
Why should I use $_GET and $_POST instead of $_REQUEST?
I use $_REQUEST when I just want certain data from the user to return certain data.
Never use $_REQUEST when the request will have side effects. Requests that produce side effects should be POST (for semantic reasons, and also because of basic CSRF stuff, a false img tag can hit any GET endpoint without a user even knowing).
$_GET should be used when GETing or POSTing to a page will produce different results.
What is the difference between GET/POST in HTTP or HTTPS requests?
SSL operates between the TCP and HTTP protocol layers. The browser will first lookup the server ip via DNS. This is a plain text lookup that can be sniffed. It will then contact the server on port 443 and establish an encrypted channel. Only then will it send an encrypted POST or GET request URL for the server to fulfill.
- IP addresses are not secured in any way.
- Server name is exposed in the DNS lookup.
- GET and POST URLs and server content responses are encrypted.
When and why should $_REQUEST be used instead of $_GET / $_POST / $_COOKIE?
I'd say never.
If I wanted something to be set via the various methods, I'd code for each of them to remind myself that I'd done it that way - otherwise you might end up with things being overwritten without realising.
Shouldn't it work like this:
$_GET = non destructive actions (sorting, recording actions, queries)
$_POST = destructive actions (deleting, updating)
$_COOKIE = trivial settings (stylesheet preferences etc)
$_SESSION = non trivial settings (username, logged in?, access levels)
What is the actual difference between the different HTTP request methods besides semantics?
You are right that most of the differences are on the semantic level, and if your components decide to assign other semantics, this will work as well. Unless there are components involved that you do not control (libraries, proxies, load balancers, etc).
For instance, some component might take advantage of the fact that PUT it idempotent and thus can re retried, while POST is not.
Related Topics
Strange Behaviour with Numbers That Have a Leading Zero
Sort Multi-Dimensional Array by Specific Key
Print Newline in PHP in Single Quotes
Regular Expression to Check If the String Has Chinese Chars
Submitting JSON Data via Jquery Ajax.Post to PHP
PHP Inserting Multiple Checkbox and Textbox Arrays into MySQL Database
Php: Variable Not Working Inside of Function
Mysql_Num_Rows() Expects Parameter 1 to Be Resource, Boolean Given In
Sorting Multidim Array: Prioritize If Column Contains Substring, Then Order by a Second Column
How to Add a New Method to a PHP Object on the Fly
Warning: MySQL_Query(): 3 Is Not a Valid MySQL-Link Resource
Sending Multiple Attachment in an Email Using PHP