PHP is mainly used to process data submitted from HTML forms like login forms, contact forms, registration forms, etc.
🔹 1. GET vs POST
These are two methods used to send data from a form to the server.
✅ GET Method
- Data is sent via URL
- Example: example.com/page.php?name=Aditya&age=25
- Data is visible in URL
- Limited length (~2048 characters)
- Not secure for sensitive data: the URL is kept in browser history and server logs (avoid for passwords)
📌 Example
<form method="GET" action="process.php">
<input type="text" name="name">
<button type="submit">Submit</button>
</form>
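<?php
// Escape before output so submitted markup is displayed as text, not run as HTML/JS
echo htmlspecialchars($_GET['name'] ?? '', ENT_QUOTES, 'UTF-8');
?>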
✅ POST Method
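- Data is sent in the request body, not in the URL
- More secure than GET: values stay out of the URL and browser history, but they are only encrypted in transit when the site uses HTTPS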
- No size limit (practically)
- Used for forms with sensitive data
📌 Example
<form method="POST" action="process.php">
<input type="text" name="name">
<button type="submit">Submit</button>
</form>
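<?php
// Escape before output so submitted markup is displayed as text, not run as HTML/JS
echo htmlspecialchars($_POST['name'] ?? '', ENT_QUOTES, 'UTF-8');
?>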
🔥 GET vs POST (Quick Table)
| Feature | GET | POST |
|---|---|---|
| Data visible | ✅ Yes | ❌ No |
| Security | ❌ Low | ✅ Better |
| Length | Limited | Large |
| Use case | Search, filters | Login, forms |
🔹 2. Form Validation
Validation means checking user input before processing.
👉 Why important?
- Prevent wrong data
- Improve user experience
- Protect system
✅ Common Validations
- Required fields
- Email format
- Password length
- Numbers only
📌 Example
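<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Default to an empty string when the field is missing from the request
    $name = $_POST['name'] ?? '';
    if (empty($name)) {
        echo "Name is required";
    } else {
        // Escape on output so the name cannot inject HTML into the page
        echo "Hello " . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    }
}
?>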
✅ Email Validation Example
$email = $_POST['email'] ?? '';
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Invalid email format";
}
🔹 3. Sanitization
Sanitization means cleaning user input to prevent security issues like:
- XSS (Cross-Site Scripting)
- SQL Injection (the functions below do not stop this; database queries need prepared statements)
✅ Common Functions
🔸 htmlspecialchars()
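Prevents HTML injection by converting special characters such as < > & to entities, so input is displayed as text instead of being rendered as markup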
$name = htmlspecialchars($_POST['name']);
🔸 trim()
Removes extra spaces
$name = trim($_POST['name']);
🔸 strip_tags()
Removes HTML tags
$name = strip_tags($_POST['name']);
📌 Best Practice (Combine)
$name = trim($_POST['name']);
$name = strip_tags($name);
$name = htmlspecialchars($name);
🔹 4. File Upload Handling
Used for uploading:
- Images
- PDFs
- Documents
📌 HTML Form (Important)
<form method="POST" enctype="multipart/form-data">
<input type="file" name="file">
<button type="submit">Upload</button>
</form>
👉 enctype="multipart/form-data" is mandatory
📌 PHP File Upload Code
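<?php
// Proceed only if a file arrived and PHP reported no upload error
if (isset($_FILES['file']) && $_FILES['file']['error'] === UPLOAD_ERR_OK) {
    $fileName = basename($_FILES['file']['name']); // drop any path parts from the client-supplied name
    $tmpName = $_FILES['file']['tmp_name'];
    if (move_uploaded_file($tmpName, "uploads/" . $fileName)) {
        echo "File uploaded successfully!";
    }
}
?>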
🔐 File Upload Security (VERY IMPORTANT)
Always check:
✅ File type
$allowed = ['jpg', 'png', 'pdf'];
// Lowercase the extension so "JPG" and "jpg" are treated the same
$ext = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
if (!in_array($ext, $allowed, true)) {
    echo "Invalid file type";
}
✅ File size
if ($_FILES['file']['size'] > 2 * 1024 * 1024) {
echo "File too large";
}
✅ Rename file (so an upload cannot overwrite an existing file with the same name)
$newName = time() . "_" . $fileName;
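The three checks above combined into one handler, as an added example that is not code from the original page. The names checkUpload, MAX_BYTES and ALLOWED are hypothetical, and it assumes an uploads/ directory next to the script that the web server does not execute scripts from. It goes one step further than the page by also checking the file's content type and by generating the stored name on the server.

```php
<?php
// Added example: hardened handler for the upload form above (field name "file").
// Assumption: uploads/ exists, is writable, and is not configured to run scripts.

const MAX_BYTES = 2 * 1024 * 1024;   // same 2 MB limit as the page
const ALLOWED = [                    // allowed extension => expected content type
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'pdf' => 'application/pdf',
];

/** Returns a server-generated file name for a valid upload, or throws. */
function checkUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Case-insensitive extension check against the allowlist
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('Invalid file type');
    }
    // Inspect the bytes on disk; $file['type'] is sent by the client and proves nothing
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('File content does not match its extension');
    }
    // Random name: only the vetted extension survives from the client-supplied name
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    try {
        $newName = checkUpload($_FILES['file']);
        // move_uploaded_file() only accepts files that PHP itself received as uploads
        if (!move_uploaded_file($_FILES['file']['tmp_name'], __DIR__ . '/uploads/' . $newName)) {
            throw new RuntimeException('Could not store file');
        }
        echo 'File uploaded successfully!';
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```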
🚀 Final Summary
- GET → Visible, used for search/filter
- POST → Not shown in URL, used for forms with sensitive data
- Validation → Check input correctness
- Sanitization → Clean input (security)
- File Upload → Use $_FILES + validation






