PHP GET vs POST Methods: Forms Tutorial with Examples

Last Updated:

Introduction

Forms are one of the most important parts of any website. Whether it’s a login page, registration form, contact form, or search box, forms allow users to send data to the server.

In PHP, form data is mainly handled using two methods: GET and POST.

Understanding how GET and POST work is essential for building real-world web applications. These methods help you collect, send, and process user input securely.

In this tutorial, you’ll learn:
– What GET and POST methods are
– The difference between GET and POST
– How to create and handle forms in PHP
– Real-world examples and security tips

By the end, you’ll be able to build and process PHP forms confidently.f this guide, you’ll be able to create basic forms, handle user input, and avoid common beginner mistakes.

Examples of form usage:

  • Login forms
  • Contact forms
  • Registration forms
  • Search boxes

How PHP Forms Work

  1. User fills a form in HTML
  2. User submits the form
  3. Data is sent to the server
  4. PHP receives and processes the data

PHP mainly uses two methods to collect form data:

  • GET
  • POST

HTML Form Structure

Basic HTML form syntax:

<form method="post" action="">
    <input type="text" name="username">
    <input type="submit" value="Submit">
</form>
  • method → how data is sent
  • action → where data is sent

PHP $_GET Method

The GET method sends form data through the URL. You can actually see the submitted values in the browser’s address bar.

Example: GET Form

<form method="get" action="">
    <input type="text" name="name">
    <input type="submit" value="Send">
</form>

PHP Code to Receive Data

if (isset($_GET['name'])) {
    echo "Hello " . $_GET['name'];
}

URL Example

example.com/page.php?name=Divyesh

When to Use GET

  • For search forms
  • When data is not sensitive
  • When you want data visible in the URL
  • When applying filters (category, sort order, etc)

Limitations of GET

  • Data is visible in the URL
  • Limited length of data
  • Not suitable for passwords or sensitive information

PHP $_POST Method

The POST method sends data in the HTTP request body. The data is not visible in the URL, which makes POST more suitable for sensitive data.

Example: POST Form

<form method="post" action="">
    <input type="text" name="email">
    <input type="submit" value="Submit">
</form>

PHP Code to Receive Data

if (isset($_POST['email'])) {
    echo "Email: " . $_POST['email'];
}

When to Use POST

  • Login forms
  • Registration forms
  • Contact forms
  • Sensitive data

GET vs POST (Quick Comparison)

FeatureGETPOST
Data visible in URLYesNo
Data lengthLimitedLarge
SecurityLessMore
Best use caseSearch, filtersLogin, forms, submissions
BookmarkableYesNo

Form Validation (Basic)

Always check if data exists before using it.

if (!empty($_POST['email'])) {
    echo "Valid email";
} else {
    echo "Email is required";
}

Security Tip (Very Important)

Never trust user input directly.

Basic protection:

$name = htmlspecialchars($_POST['name']);

This helps prevent XSS attacks.

Real-Life Example: Simple Contact Form

<form method="post">
    <input type="text" name="name" placeholder="Your Name">
    <input type="email" name="email" placeholder="Your Email">
    <input type="submit" name="submit">
</form>

if (isset($_POST['submit'])) {
    echo "Thank you, " . $_POST['name'];
}

Real-Life Example: Login Form

Let’s understand this with a real-world example.

Imagine a login form where a user enters their email and password.

Step 1: User fills the form
Step 2: Data is sent using POST method
Step 3: PHP receives the data
Step 4: System checks login details

Example:

<form method="post">
    <input type="email" name="email" placeholder="Enter Email">
    <input type="password" name="password" placeholder="Enter Password">
    <input type="submit" name="login" value="Login">
</form>

<?php
if (isset($_POST['login'])) {
    $email = $_POST['email'];
    echo "Welcome " . htmlspecialchars($email);
}
?>

Using & in URL with GET Parameters

When you use the GET method, multiple values can be sent through the URL using the & (ampersand) symbol. Each parameter is separated by &.

Example URL with Multiple Parameters

example.com/form.php?name=Rahul&age=22&city=Delhi

In this URL:

  • name=Rahul is the first parameter
  • age=22 is the second parameter
  • city=Delhi is the third parameter

All parameters are joined using &.

Accessing Multiple GET Values in PHP

<?php
if (isset($_GET['name']) && isset($_GET['age']) && isset($_GET['city'])) {
    echo "Name: " . $_GET['name'] . "<br>";
    echo "Age: " . $_GET['age'] . "<br>";
    echo "City: " . $_GET['city'];
}
?>

When Is This Useful?

Using multiple GET parameters is helpful when:

  • Creating search filters
  • Passing IDs in URLs
  • Building pagination links
  • Creating category or sorting URLs

Example:

products.php?category=mobiles&price=low

URL Encoding and Decoding in PHP (Beginner Friendly)

When you send data through a URL using the GET method, special characters and spaces can break the URL. For example:

example.com/form.php?name=Rahul Kumar

This URL is invalid because of the space. Browsers may change spaces to %20, but you should always properly encode URLs yourself.

Encoding URL Parameters

PHP provides the urlencode() function to safely encode data before adding it to a URL.

<?php
$name = "Rahul Kumar";
$encodedName = urlencode($name);$url = "form.php?name=" . $encodedName;
echo $url;
?>

Output:

form.php?name=Rahul+Kumar

Decoding URL Parameters

When PHP receives encoded values, you can decode them using urldecode().

<?php
$decodedName = urldecode($_GET['name']);
echo $decodedName;
?>

Why URL Encoding Matters

  • Prevents broken URLs
  • Handles spaces and special characters
  • Makes your links safer and more reliable
  • Important when passing names, search queries, or text in URLs

Important Notes for Beginners

  • Never pass sensitive data using GET
  • Always validate and sanitize GET values
  • URLs with many parameters can look messy
  • Users can manually change URL values, so never trust them blindly

Common Mistakes to Avoid

  • Using GET for passwords or sensitive data
  • Accessing $_POST or $_GET without checking isset()
  • Not validating form input
  • Directly displaying user input without sanitizing
  • Forgetting to use method="post" in the form
  • Avoiding these mistakes will make your forms more secure and reliable.

Conclusion

In this tutorial, you learned how PHP forms work using GET and POST methods.

GET is useful for non-sensitive data like search queries and filters, while POST is more secure and ideal for login, registration, and form submissions.

You also learned how to:

  • Handle form data using $_GET and $_POST
  • Pass multiple values in URLs
  • Encode and decode URL parameters
  • Validate and sanitize user input

Understanding PHP forms is a crucial step toward building dynamic and secure web applications.

Practice Tasks for Students

Try these small tasks to improve your understanding:

  1. Create a form that collects name and age
  2. Display the submitted values on the same page
  3. Show an error message if any field is empty
  4. Try the same form using both GET and POST
  5. Add basic validation for email

In the next tutorial, we’ll learn about PHP Sessions & Cookies.

Related Tutorials

Leave a Reply

Your email address will not be published. Required fields are marked *