$_POST
The term $_POST is quite familiar territory when one works with forms in PHP. This tutorial talks about what $_POST does, how to use it, and all other things one should know to make the most out of this superglobal in PHP.
In the end, one will go forth with confidence while handling form data with $_POST in applications.
Definition of $_POST in PHP
In PHP, the superglobal variable $_POST collects data sent to the server via the HTTP POST method. In other words, when a user submits a form through your website, the data that the user enters into that form gets captured after submission.
You can then go on to access this data and manipulate it to achieve many ends, such as saving user information into a database or even processing payments.
$_POST is particularly useful because it can support a high volume of data, whereas the $_GET method has size limitations.
In the following section, you will learn how you can create an HTML form to make use of the $_POST superglobal, and how PHP deals with that information once it's submitted.
Setting Up an HTML Form to Use with $_POST
In order to use $_POST, the first thing you need is an HTML form whose method attribute is set to POST.
Here is an example:
<form action="process_form.php" method="POST">
<label for="name">Name:</label>
<input id="name" name="name" type="text" />
<label for="email">Email:</label>
<input type="email" id="email" name="email">
<input type="submit" value="Submit">
</form>
Here, the form method is POST, meaning whatever the user enters in this form will be forwarded to the server in the request body rather than in the URL when they click "Submit." Now let's see how PHP fetches this data and handles it.
Accessing Form Data with PHP $_POST
In the next step, after form submission, PHP processes the submitted data via the $_POST superglobal.
This superglobal works as an associative array where the name attribute of each input field serves as a key. For example, you can get the name and email that a user enters through the form above with the following PHP code:
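if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Fall back to an empty string when a field is missing from the request.
    $name = $_POST['name'] ?? '';
    $email = $_POST['email'] ?? '';
    // Escape the values before writing them into the HTML response.
    echo "Name: " . htmlspecialchars($name) . "<br>";
    echo "Email: " . htmlspecialchars($email);
}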
Here we use htmlspecialchars(), which escapes HTML special characters in the data to avoid XSS attacks. You will see more about securing the $_POST data as we move further, but here you can see how easily you can pull data directly out of the submission.
Below, we will discuss how to secure the data from $_POST.
The Security of $_POST Data
While the superglobal variable $_POST indeed makes it easy to handle forms, one must ensure that the data is secure, as malicious attacks can be carried out using this variable.
Since $_POST data is directly obtained from the user, it may contain anything, including harmful scripts. Here are some tips to keep your data safe:
- Sanitize Inputs: The htmlspecialchars() or filter_var() functions are available to sanitize inputs.
- Data Validation: Verify that information is as expected before using it. Example: one may want to verify that an email address is valid.
- Database Usage with Prepared Statements: Use prepared statements if you are going to store data from $_POST in a database; this will prevent any SQL injection attacks.
For example, here's how you might validate an email address submitted via $_POST:
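if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // filter_var() returns the address when it is valid and false otherwise.
    // A missing field is treated as an empty string, which fails validation.
    $email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        echo "Invalid email format.";
    } else {
        echo "Email is valid.";
    }
}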
Once you have cleaned and validated your data, the data fetched through $_POST will be safe for further processing.
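The three tips above combined in one handler, as an added example that is not part of the original tutorial: it validates each field, stores the values with a PDO prepared statement, and escapes only when writing HTML. The function names read_contact and save_contact, the contacts table, the length limits, the in-memory SQLite database and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example; function names, table name and limits are hypothetical.
function read_contact(array $post): array
{
    $clean = $errors = [];
    foreach (['name' => 100, 'email' => 254, 'message' => 2000] as $field => $max) {
        $value = $post[$field] ?? null;
        // "name[]=x" arrives as an array, so accept strings only.
        if (!is_string($value) || trim($value) === '') {
            $errors[$field] = 'required';
        } elseif (strlen($value) > $max) {   // length in bytes
            $errors[$field] = 'too long';
        } else {
            $clean[$field] = trim($value);
        }
    }
    if (isset($clean['email']) && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'invalid';
    }
    return [$clean, $errors];
}

function save_contact(PDO $db, array $c): void
{
    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $db->prepare('INSERT INTO contacts (name, email, message) VALUES (?, ?, ?)');
    $stmt->execute([$c['name'], $c['email'], $c['message']]);
}

$db = new PDO('sqlite::memory:');   // in-memory database so the example runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (name TEXT, email TEXT, message TEXT)');

// Constructed submissions standing in for $_POST.
$samples = [
    ['name' => "Pat O'Brien", 'email' => 'pat@example.com', 'message' => 'Hello <b>there</b>'],
    ['name' => ['x'], 'email' => 'not-an-email'],
];
foreach ($samples as $post) {
    [$clean, $errors] = read_contact($post);
    if ($errors) {
        echo 'Rejected fields: ' . implode(', ', array_keys($errors)) . "\n";
        continue;
    }
    save_contact($db, $clean);
    // Escape only at the point where the value is written into HTML.
    echo 'Thank you, ' . htmlspecialchars($clean['name'], ENT_QUOTES, 'UTF-8') . "\n";
}
echo 'Rows stored: ' . $db->query('SELECT COUNT(*) FROM contacts')->fetchColumn() . "\n";
```

In a real handler, read_contact() would be called with $_POST itself, and the stored values would stay unescaped in the database so that they can be escaped for whichever output context uses them later.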
In the following paragraphs, we'll explore some common uses of $_POST and discuss why it's a reliable option for handling sensitive data.
Why Use PHP $_POST?
Because the data sent by $_POST is not visible in the URL, it is preferable for handling personal or sensitive information. If you have to process information like user passwords, payment information, or any other private data, it is usually better to use POST rather than GET, because $_POST is just safer than $_GET.
$_POST is also better in terms of handling big data. $_GET is limited: it has a restriction on the amount of data you can send. $_POST provides a reliable way to send large payloads, especially when dealing with forms that have many fields or when the user is uploading files.
So, we will now look at a few examples of how to use $_POST.
Example of Using PHP $_POST
To solidify your understanding, here are some examples demonstrating how to use $_POST in PHP.
Suppose you are creating a contact form in which users enter their name, email, and message. With the help of $_POST, you can access the submitted data and show it easily:
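if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Missing fields fall back to an empty string; every value is escaped
    // before it is placed in the HTML response.
    $name = htmlspecialchars($_POST['name'] ?? '');
    $email = htmlspecialchars($_POST['email'] ?? '');
    $message = htmlspecialchars($_POST['message'] ?? '');
    echo "Thank you, $name. We've received your message: $message";
}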
This example shows how you can accept user input, and even thank the user for it, in a very short time. Just remember to always clean data with htmlspecialchars() to avoid any potential problems.
Finally, we summarize with some best practices in using the $_POST superglobal.
Wrapping Up
If you want to process data from forms in PHP, you should use $_POST because it can transmit larger and much more sensitive information.
$_POST data is not visible in the URL like $_GET; therefore, using $_POST is better for handling passwords, payments, sensitive information, etc.
You now have a good understanding of PHP $_POST. You are ready to use it to safely manage user input in your PHP applications. You can always practice on real-world projects to familiarize yourself with a concept, and before long, you will be ruling over how to handle form data!
Frequently Asked Questions (FAQs)
What is PHP $_POST and how does it work?
How do I retrieve data from $_POST in PHP?
Why should I use $_POST instead of $_GET?
How can I validate $_POST data in PHP?
How do I sanitize $_POST data to prevent security issues?
Can I use $_POST for file uploads in PHP?
Is $_POST data automatically secured?
How do I handle empty fields in a $_POST request?