When a form is submitted to a PHP script, the information from
that form is automatically made available to the script. There
are many ways to access this information, for example:
Depending on your particular setup and personal preferences, there
are many ways to access data from your HTML forms. Some examples are:
Example 12-10. Accessing data from a simple POST HTML form
<?php
// Available since PHP 4.1.0
echo $_POST['username'];
echo $_REQUEST['username'];
import_request_variables('p', 'p_');
echo $p_username;
// Available since PHP 3. As of PHP 5.0.0, these long predefined
// variables can be disabled with the register_long_arrays directive.
echo $HTTP_POST_VARS['username'];
// Available if the PHP directive register_globals = on. As of
// PHP 4.2.0 the default value of register_globals = off.
// Using/relying on this method is not preferred.
echo $username;
?>
Using a GET form is similar except you'll use the appropriate
GET predefined variable instead. GET also applies to the
QUERY_STRING (the information after the '?' in a URL). So,
for example, http://www.example.com/test.php?id=3
contains GET data which is accessible with $_GET['id'].
See also $_REQUEST and
import_request_variables().
Note: Superglobal arrays,
like $_POST and $_GET, became
available in PHP 4.1.0
As shown, before PHP 4.2.0 the default value for register_globals
was on. And, in PHP 3 it was always on. The PHP
community is encouraging all to not rely on this directive
as it's preferred to assume it's off and code
accordingly.
Note:
The magic_quotes_gpc
configuration directive affects Get, Post and Cookie values. If
turned on, value (It's "PHP!") will automagically become (It\'s \"PHP!\").
Escaping is needed for DB insertion. See also
addslashes(), stripslashes() and
magic_quotes_sybase.
PHP also understands arrays in the context of form variables
(see the related faq). You may,
for example, group related variables together, or use this
feature to retrieve values from a multiple select input. For
example, let's post a form to itself and upon submission display
the data:
When submitting a form, it is possible to use an image instead
of the standard submit button with a tag like:
<input type="image" src="image.gif" name="sub" />
When the user clicks somewhere on the image, the accompanying
form will be transmitted to the server with two additional
variables, sub_x and sub_y. These contain the coordinates of the
user click within the image. The experienced may note that the
actual variable names sent by the browser contains a period
rather than an underscore, but PHP converts the period to an
underscore automatically.
PHP transparently supports HTTP cookies as defined by Netscape's Spec. Cookies are a
mechanism for storing data in the remote browser and thus
tracking or identifying return users. You can set cookies using
the setcookie() function. Cookies are part of
the HTTP header, so the SetCookie function must be called before
any output is sent to the browser. This is the same restriction
as for the header() function. Cookie data
is then available in the appropriate cookie data arrays, such
as $_COOKIE, $HTTP_COOKIE_VARS
as well as in $_REQUEST. See the
setcookie() manual page for more details and
examples.
If you wish to assign multiple values to a single cookie variable, you
may assign it as an array. For example:
That will create two separate cookies although MyCookie will now
be a single array in your script. If you want to set just one cookie
with multiple values, consider using serialize() or
explode() on the value first.
Note that a cookie will replace a previous cookie by the same
name in your browser unless the path or domain is different. So,
for a shopping cart application you may want to keep a counter
and pass this along. i.e.
Typically, PHP does not alter the names of variables when they
are passed into a script. However, it should be noted that the
dot (period, full stop) is not a valid character in a PHP
variable name. For the reason, look at it:
<?php $varname.ext; /* invalid variable name */ ?>
Now, what the parser sees is a variable named
$varname, followed by the string concatenation
operator, followed by the barestring (i.e. unquoted string which
doesn't match any known key or reserved words) 'ext'. Obviously,
this doesn't have the intended result.
For this reason, it is important to note that PHP will
automatically replace any dots in incoming variable names with
underscores.
Because PHP determines the types of variables and converts them
(generally) as needed, it is not always obvious what type a given
variable is at any one time. PHP includes several functions
which find out what type a variable is, such as:
gettype(), is_array(),
is_float(), is_int(),
is_object(), and
is_string(). See also the chapter on
Types.