Siksha Sarovar

Siksha Sarovar (sikshasarovar.com) is a free educational web application that helps students in India learn programming and prepare for academic and competitive exams. The platform offers structured coding courses (C, C++, Python, Java, HTML, CSS, PHP, Power BI, AI, Machine Learning, Data Science), complete university curriculum notes for BCA/MCA students with previous year question papers, Class 10 and Class 12 CBSE/HBSE school notes, and dedicated preparation material for SSC, UPSC, Banking, Railway and other government exams. Browsing the site is completely free and requires no account. Users may optionally sign in with Google solely to save their learning progress, quiz scores and personal preferences across devices.

Privacy Policy | Terms of Service | Contact Siksha Sarovar | About Siksha Sarovar

v4.0.9 · PWA
Siksha Sarovar logo
Siksha Sarovar
Your Learning Universe

Siksha Sarovar is a free e-learning platform for coding courses, BCA university notes and competitive exam preparation. Optional Google sign-in saves your learning progress across devices.

Initializing knowledge base…
Compiling modules 0%

Practical 14: Form Handling using $_GET, $_POST, $_REQUEST

Lesson 21 of 35 in the free Web Based Programming Lab notes on Siksha Sarovar, written by Rohit Jangra.

Aim

To handle a personal-information form in PHP and retrieve the submitted data using the $_GET, $_POST and $_REQUEST superglobals.

Theory

When a form is submitted, PHP parcels the field values into superglobal arrays chosen by the form's method attribute: method="get" fills $_GET, method="post" fills $_POST. Superglobals are ordinary associative arrays (field name → value) that are available in every scope without the global keyword.

GET vs POST is the key design decision. GET appends the data to the URL as a query string (?name=Rohit&city=Delhi): visible in the address bar, history and server logs, bookmarkable and shareable, but length-limited (roughly 2 KB in practice) — right for idempotent reads such as searches and filters. POST carries the data in the HTTP request body: invisible in the URL, effectively unlimited in size, able to carry file uploads, and the browser warns before re-submitting — right for personal data, passwords and anything that changes state.

$_REQUEST is a merged view of GET + POST (and, depending on the request_order ini setting, cookies). It is convenient but risky: the reader cannot tell which channel a value came from, and one source can silently shadow another that uses the same key — so explicit $_GET/$_POST is best practice. And because every form value is user-controlled, anything echoed back into HTML must pass through htmlspecialchars() to neutralise XSS.

Requirements

  • XAMPP/WAMP with Apache and PHP 8.x, or the PHP CLI / an online PHP compiler
  • Code editor (VS Code); browser or terminal

Procedure

  1. Start Apache from the XAMPP Control Panel.
  2. Save the snippet as p14_form_handling.php in C:\xampp\htdocs\wbplab.
  3. Open http://localhost/wbplab/p14_form_handling.php, or run php p14_form_handling.php — the script pre-fills the three superglobals itself, so the retrieval logic is observable without a browser form.
  4. To try it live, delete the three simulated assignments and submit a small personal-information form to the script, e.g. <form method="post" action="p14_form_handling.php"> with name, city, email and age inputs; GET fields can also be supplied straight in the URL: ?name=Rohit&city=Delhi.

Explanation of the Code

  • The first three lines simulate a submission: $_GET receives name/city, $_POST receives email/age, and $_REQUEST is rebuilt with array_merge($_GET, $_POST) — mirroring what PHP itself does according to request_order.
  • echo "Using \$_GET:\n" — the backslash stops PHP from interpolating the array inside the double-quoted string, so the label prints literally.
  • The $_GET block reads $_GET["name"] and $_GET["city"] by key; the $_POST block does the same for email and age — explicit, source-aware retrieval.
  • The foreach ($_REQUEST as $key => $value) loop walks the merged array and prints every pair — demonstrating that $_REQUEST holds both sources with no indication of origin.

Expected Output

Three labelled blocks. Using $_GET: shows Name: Rohit Kumar and City: Delhi; Using $_POST: shows Email: rohit@example.com and Age: 21 (the extra spaces come from the aligned label in the echo); Using $_REQUEST: lists all four merged pairs — name: Rohit Kumar, city: Delhi, email: rohit@example.com, age: 21 — proving it contains the union of the other two.

🎯 Viva Questions

  1. State three practical differences between GET and POST. GET data rides in the URL (visible, bookmarkable, logged) and is length-limited; POST data travels in the request body, has no practical size limit and can carry file uploads.
  2. When is GET the correct method? For idempotent reads — searches, filters, pagination — where a bookmarkable, shareable URL is a feature; never for passwords or state-changing actions.
  3. Why is relying on $_REQUEST discouraged? It merges GET, POST and possibly cookies, so a value's origin is ambiguous and one source can shadow another — a security and debugging hazard.
  4. What decides which superglobal a form field lands in? The form's method attribute: get$_GET, post$_POST; both also appear in $_REQUEST.
  5. Why does the snippet write \$_GET inside the echo strings? The backslash escapes the $ so PHP prints the superglobal's name instead of trying to interpolate its value.
  6. How should form data be redisplayed safely? Through htmlspecialchars(), which converts <, >, & and quotes into entities so injected markup cannot execute (XSS defence).

CO Mapping

CO1, CO2