_SERVER and _POST in PHP

Question

I am new to PHP programming and don't know much in detail about _SERVER. Can _SERVER associate array be used in a PHP program to access data submitted from HTML forms through post method??

$_SERVER only contains the QUERY_STRING, which is used for GET parameters. Please reread the according [manual section on PHPs supergobals](http://php.net/manual/en/language.variables.superglobals.php). — mario, Jul 14 '12 at 00:19
[`$_SERVER`](http://www.php.net/reserved.variables.server.php) contains information about the server and HTTP request. If the form was a GET request (via query string), that info is available in `$_SERVER`, but otherwise posted form data comes in `$_POST`. — Michael Berkowski, Jul 14 '12 at 00:20

score 1 · Accepted Answer · answered Jul 14 '12 at 00:18

1

Nope, you want $_POST for that.

$_POST gets you post data

$_GET gets you get data

$_REQUEST gets you get, post, and cookies

answered Jul 14 '12 at 00:18

Brian Adkins

673
2
6
13

score 0 · Answer 2 · answered Jul 14 '12 at 00:23

0

When you submit a form, you can use $_SERVER[] to get information from the server such as the users IP address. You would use this once the form has been submitted. You would use $_POST[] to ensure the form is submitted and collect the data/variables from the form that has beens submitted. For example:

if(isset($_POST['submit'])) {
  $fname = $_POST['fname']; //<input type="text" name="fname" />
  $ip = $_SERVER['REMOTE_ADDR'];
  mysql_query("INSERT INTO ... using variables $fname and $ip...") or die("Error: " . mysql_error());
  header("location:?e=1"); //where you would use $_GET[] to tell the page an error message needs to be shown on screen.
  exit;
}

answered Jul 14 '12 at 00:23

Oliver Tappin

2,351
1
22
41

1

Any sites you worked on are in grave danger after seeing this code... Whatever you do: NEVER trust the network – Elias Van Ootegem Jul 14 '12 at 00:38
Care to elaborate? If I'm doing something horribly wrong, I'd rather fix it sooner rather than later! – Oliver Tappin Jul 14 '12 at 01:22
Check this out : http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php – Brian Adkins Jul 15 '12 at 03:03
As the link provided by BrainAdkins shows, using raw user input is about as dangerous as it gets in terms of injection and other exploits/hacks. There's a wide array of tools and techniques to ensure no malicious code is executed, using a PDO instance is easily implemented and is way more secure than what you're doing here – Elias Van Ootegem Jul 15 '12 at 09:38
Oh, if you're talking about SQL injection, yes of course - I understand that, I didn't think adding it within this example would be necessary. – Oliver Tappin Jul 16 '12 at 14:56

_SERVER and _POST in PHP

2 Answers2