Question:
php help in $_POST and $_GET..please:c?
anonymous
2009-03-12 03:28:22 UTC
I'm currently working on my website's log-in .. i have a database named infodb and a table named accounttbl and fields like FirstName, LastName, Eadd, UserName, Password.

i have this for my login.php

Username:
Password:


i don't know if i use the right method or it suppose to be GET?

then in logging.php
i'll be selecting the table where UserName='$customu'.

i tried to change my strategies but i can't display those arrays..
how would i do this?
Four answers:
Lie Ryan
2009-03-12 03:52:56 UTC
Technically, you can use either GET or POST, but php has a well-defined usage for each.



GET is used for getting dynamic data from the server. The reason why GET uses the URL to communicate data is so you can copy and paste the URL to pass to other people the GET query.



POST is used to post data to server, which usually the server will process and store. This data is usually irrelevant if you're passing URL around to your friends.



Examples:

Yahoo's Answer's answering textbox uses POST. This is mainly because the answering textbox contains lots of data and URL length is limited. However, the prescribed reason is because you don't want to copy-paste the URL and give it to a friend, and make them accidentally post the same thing as you.



Yahoo Answer's qid (question ID) is passed as GET. This is to allow you to copy-paste the URL and people on the other side of the world would go to the same page.
just "JR"
2009-03-12 12:12:35 UTC
You did not show how you read the post... (logging.php)

The script that receives the post should look like:

$user = $_POST [ ' customu ' ]; // the names of the fields in your form.

$pwd = $_POST [ ' pass ' ];

and your query to db should be like:

$sql = "select * from `accounttbl` where `UserName` = ' " . $user . " ' " ;

$list = mysql_query($sql);

while ( $lst = mysql_fetch_array ( $list ) )

{

echo ("first name = " . $lst [ ' FirstName ' ] . "");

echo ("last name = " . $lst [ ' LastName ' ] . "");

echo ("email = " . $lst [ ' Eadd ' ] . "");

echo ("username = " . $lst [ ' UserName ' ] . "");

}

mysql_free_result($list);

[space added for clarity, to replace with the real one (stupid editor) ]



This sentence: UserName='$customu'

is wrong. It could be $UserName = $_POST [ ' customu ' ];



$_POST versus $_GET:

$_GET is appended to the URL address and hence, visible (security risk).

$_GET is LIMITED in (different) LENGTHs by different browsers, sometimes as short as 1000 characters! BEWARE of this!

$_POST is not limited in length, and is invisible.
Blackcompe
2009-03-12 10:42:33 UTC
The difference is that GET appends form data to the URL. That's highly insecure. Go with POST.
Alfonso E
2009-03-12 10:36:59 UTC
both should work, but probably you don't want to pass the password within the url, so use post as method, then on your logging.php use $_POST['customu']. if you want to use just $customu you have to store the post variable into the php variable, like $customu=$_POST['customu'];


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...