Stats

150 Contributors: 5 Friday, April 21, 2017
Licensed under: CC-BY-SA
Not affiliated with Stack Overflow
Rip Tutorial: riptutorial@gmail.com
Roadmap: roadmap

Reading Request Data

Remarks

Choosing between GET and POST

GET requests, are best for providing data that's needed to render the page and may be used multiple times (search queries, data filters...). They are a part of the URL, meaning that they can be bookmarked and are often reused.

POST requests on the other hand, are meant for submitting data to the server just once (contact forms, login forms...). Unlike GET, which only accepts ASCII, POST requests also allow binary data, including file uploads.

You can find a more detailed explanation of their differences here.

Request Data Vulnerabilities

Also look at: what are the vulnerabilities in direct use of GET and POST?

Retrieving data from the $_GET and $_POST superglobals without any validation is considered bad practice, and opens up methods for users to potentially access or compromise data through code and or SQL injections. Invalid data should be checked for and rejected as to prevent such attacks.

Request data should be escaped depending on how it is being used in code, as noted here and here. A few different escape functions for common data use cases can be found in this answer.

Related Examples