There are two concepts that are common to almost all programs - this is the processing of input data and the output of results. On this page, we will focus on handling input from CGI programs. First, where does the input come from, and second, how is the input passed to the server. To write effective CGI programs, you must be clear about these things.
The server accepts three types of requests: GET, POST and HEAD. The program request to the Web server looks like this:
GET /index.html HTTP/1.0
The first part, in this case GET , is the request method, the second, index.html , is the requested URL, and the third, HTTP/1.0 , is the protocol used by the client.
The two main request methods are GET and POST. These are the same methods that are available to you when creating a form. The HEAD method is rarely used by the browser because it only requests the response header and does not send the response body. For example, to check whether a page has changed, the browser may request the header, but this does not produce a full exchange of data.
By default, the request method is GET. The POST method is only used when explicitly specified in the form request. It is very important for a CGI programmer to understand that when making a GET request, the form data is sent to the server along with the URL. Web servers that support CGI copy this data to an environment variable called QUERY_STRING. After this, the CGI program is responsible for retrieving the data from the environment variable and processing it.
The URL with the query string looks like this:
Http://www.domen-name.com/login.pl?nick=maks&psw=parol
Sign? separates the query string from the actual resource URL; nick and psw are variables passed to the server, maks and password are their values, respectively.
The POST method is used when explicitly specified in the form's METHOD attribute. Unlike the GET method, POST places data not in the URL, but in the body of the request. A POST request is similar to an HTTP response in many ways. The first line is a standard HTTP request that specifies the POST method. It may contain the necessary additional headers, separated from the request body by an empty line.
The body of the request when using the POST method is passed to the program as standard input.
It is clear that when developing forms, the CGI programmer will be faced with the question: which of these methods to use. In most cases, both methods are applicable and both will work well. However, there are situations when using one or another method provides certain advantages.
Let's look at several situations where it makes sense to prefer the GET or POST method.
The use of GET and POST methods in PHP is difficult to overestimate, since these methods are found on almost every website. Before studying the material described below, I advise you to familiarize yourself with the html tag
You've probably already encountered HTML forms:
By saving this code in an HTML file and viewing it using your favorite browser, you will see a familiar HTML form:
Tag
Tag - specifies a form element defined by the type attribute:
Other values are possible (and - not the only tag that specifies a form element).
So what happens when we click "OK"?
Sending the same request manually (using telnet) looks like this (assuming the site's domain name is www.example.com):
Telnet www.example.com 80 GET /cgi-bin/form_handler.cgi?name=Vasya&okbutton=OK HTTP/1.0\r\n Host: www.example.com\r\n \r\n
As you've probably already guessed, clicking the submit button on a form with a "GET" submit method is the same as typing the corresponding URL (with a question mark and form data at the end) into the browser's address bar:
Http://www.example.com/cgi-bin/form_handler.cgi?name=Vasya&okbutton=OK
In fact, the GET method is used whenever you request a document from the server by simply entering its URL or clicking on a link. Using
Perhaps all these technical details and exercises with telnet seem incredibly boring and even unnecessary to you (“what does PHP have to do with it?”). But in vain. :) These are the basics of working with the HTTP protocol, which every Web programmer needs to know by heart, and this is not theoretical knowledge - all this will be useful in practice.
Now let's replace the first line of our form with the following:
We specified the sending method as "POST". In this case, the data is sent to the server in a slightly different way:
Telnet www.example.com 80 POST /cgi-bin/form_handler.cgi HTTP/1.0\r\n Host: www.example.com\r\n Content-Type: application/x-www-form-urlencoded\r\ n Content-Length: 41263\r\n \r\n name=Vasya&okbutton=OK
When using the POST method, the form data is sent after “two Enters” - in the body of the request. Everything above is actually the request header (and when we used the GET method, the form data was sent in the header). In order for the server to know at which byte to stop reading the request body, the header contains the line Content-Length; that the form data will be transmitted in the form parameter1=value1¶meter2=value2... , and the values are transmitted in the form of urlencode - that is, exactly the same as using the GET method, but in the body of the request - the Content header informs the server -Type: application/x-www-form-urlencoded .
The advantage of the POST method is that there is no limit on the length of the form data line.
When using the POST method, it is not possible to submit the form by simply "following a link" as was the case with GET .
When using a POST form, in its action attribute you can specify after the question mark the parameters of the GET form. Thus, the POST method includes the GET method.
So, forms are the main way to exchange data between a web server and a browser, that is, they provide user interaction - in fact, what web programming is for.
Consider a simple example:
The form shown on lines 8-12 contains two elements: name and okbutton. The method attribute specifies the POST form submission method, while the action attribute specifies the URL to which the form is sent, and is filled with the value of the PHP_SELF server variable - the address of the script currently running.
=$_SERVER["PHP_SELF"]?>- shortened form for echo $_SERVER["PHP_SELF"]; ?> .
Suppose we entered the value Vasya in the name field and clicked the OK button. In this case, the browser sends a POST request to the server. Request body: name=Vasya&okbutton=OK . PHP automatically populates the $_POST array:
$_POST ["name" ] = "Vasya"
$_POST ["okbutton" ] = "OK"
In reality, the value "Vasya" is sent by the browser in urlencode form; for windows-1251 encoding this value looks like %C2%E0%F1%FF . But since PHP automatically handles the necessary decoding, we can "forget" about this feature - until we have to deal with HTTP requests manually.
Since the body of the request specifies only names and values, but not form element types, PHP has no idea whether $_POST["name"] matches an input string, a button, or a list box. But we, in general, do not need this information at all. :)
Since we don't need to know what the submit button says, we can remove the name attribute on line 11, shortening the button description to . In this case, the browser will send a POST request name=Vasya.
And now the same thing, but for the GET form:
On line 8 one could just as easily write
PHP does the same with GET forms as it does with POST, with the difference that the $_GET array is populated.
The cardinal difference is in line 4. Since simply entering the address in the browser line is a GET request, the check if ($_SERVER["REQUEST_METHOD"] == "GET") is meaningless. Therefore, we resort to the isset() construct, which returns true if the variable is defined (that is, it has been assigned a value), and false if the variable is not defined. If the form has been filled out - as you already understood, PHP automatically assigns $_GET["name"] the appropriate value.
The verification method using isset() is universal; it could also be used for a POST form. Moreover, it is preferable because it allows you to find out which form fields are filled out.
A slightly more complex example.
No new techniques are used here. Figure it out, run the code, try modifying...
Let's change the last example so that the user does not have to fill out the fields again. To do this, fill the value attributes of the form elements with the values we just entered.
If (isset($_POST [ "name" ], $_POST [ "year" ])) (
if ($_POST [ "name" ] == "" ) (
echo "Please enter a name!
"
;
) else if ($_POST [ "year" ]<
1900
||
$_POST
[
"year"
] >
2004
) {
echo "Please specify the year of birth! Valid range of values: 1900..2004
"
;
) else (
echo "Hello, " . $_POST [ "name" ] . "!
"
;
$age = 2004 - $_POST [ "year" ];
echo "You" . $age. " years
"
;
}
echo "
Lines 4 and 5 may be somewhat confusing. Everything is very simple: line 4 could be written like this:
if (isset($_POST [ "name" ]))
$name = $_POST ["name" ];
else
$name = "" ;
The question may arise - why not throw out lines 4-5 and write:
Enter your name:
">
Enter your year of birth:
">
The point is that if these POST variables are not defined - and this will be the case if the form has not yet been filled out - PHP will issue warnings about the use of uninitialized variables (and, quite reasonably: such a message allows you to quickly find hard-to-detect typos in variable names, and also warns about possible “holes” on the site). You can, of course, put the isset code directly into the form, but it will be too cumbersome.
Got it? Now try to find the error in the given code. Well, not exactly a mistake, but a flaw.
Didn't find it? I'll give you a hint. Enter, for example, in the “name” field a double quote and some text, for example, “Va” Send the form, and take a look at the source code of the resulting page. The fourth line will have something like:
Enter your name:
That is, nothing good. What if a cunning user entered JavaScript code?
To solve this problem, you need to use the htmlspecialchars() function, which will replace the special characters with their HTML representation (for example, a quote with "):
If (isset($_POST [ "name" ], $_POST [ "year" ])) (
if ($_POST [ "name" ] == "" ) (
echo "Please enter a name!
"
;
) else if ($_POST [ "year" ]<
1900
||
$_POST
[
"year"
] >
2004
) {
echo "Please specify the year of birth! Valid range of values: 1900..2004
"
;
) else (
echo "Hello, " . $name . "!
"
;
$age = 2004 - $_POST [ "year" ];
echo "You" . $age. " years
"
;
}
echo "
Repeat the experiment and make sure that the HTML code is now correct.
Remember - the htmlspecialchars() function must be used whenever displaying the contents of a variable that may contain HTML special characters.
The phpinfo() function is one of the most important in PHP. It displays information about PHP settings, the values of various configuration variables...
Why am I mentioning it in an article on forms? phpinfo() is a convenient debugging tool. phpinfo(), among other things, prints the values of all $_GET, $_POST and $_SERVER variables. So if a form variable gets lost, the easiest way to find out what's wrong is to use the phpinfo() function. To ensure that the function displays only the values of variables (and without you having to scroll through dozens of pages), it should be called as follows: phpinfo(INFO_VARIABLES); , or - which is absolutely the same thing - phpinfo(32) ;.
Or, for example, this situation: you want to find out the IP address of a visitor. You remember that the corresponding variable is stored in the $_SERVER array, but - bad luck - you forgot what exactly the variable is called. Again, call phpinfo(32); , look for your IP address in the sign and find it in the line $_SERVER["REMOTE_ADDR"] .
Today I wanted to delve a little into primitive things and describe what can be found on the World Wide Web in large quantities and without much difficulty. We will talk practically about the holy of holies of the HTTP protocol: POST and GET requests.
Many will ask why? I will answer briefly and clearly: not everyone knows what it is and why it is needed, and those who want to learn about it (while understanding little in the IT field) often cannot understand what is written in many, many articles devoted to this topic. I’ll try to explain with my fingers what POST and GET requests are and what they are used for.
So, let's begin our journey into a fairy tale...
If you are reading this message, then you at least know what the Internet looks like and what a website is. Having omitted all the subtleties of the work of the World Wide Web, we will operate with such concepts as a user and a site. Whatever one may say, these two entities must somehow interact with each other. For example, people communicate with each other through gestures, emotions and speech, animals make some sounds, but what happens when a person and an Internet resource “communicate”? Here we have a case of information exchange, which can be transferred to the human conversation of the "Question and Answer" plan. Moreover, both the user and the site can ask questions and answers. When we talk about a site, its questions and answers, as a rule, are always expressed in the form of a web page with one text or another. When it comes to the user, then everything happens thanks to GET and POST requests (of course, not only, but we are talking about them).
Thus, we found out that the objects of our theme are necessary for "communicating" with the sites. Moreover, both GET and POST requests can be used both for “asking questions” to the site and for “answers”. How are they different? Everything is quite simple. However, to explain the differences, we will have to consider an example, for which we will take the site of the Internet store plan.
You probably often noticed when you were looking for something in online stores that when you searched using filters, the site address turned from the beautiful “http://magaazin.ru” into the terrible “http://magaazin.ru/?category=” shoes&size=38". So, everything that comes after the '?' symbol is your GET request to the site, and to be quite precise, in this case, you kind of ask the site about what it has in the "Shoes" category with sizes "38" (this example is taken from my head; in reality, everything may not look so obvious). As a result, we have that we can ask questions ourselves, by indicating them in the address bar of the site. Obviously, this method has several disadvantages. Firstly, anyone who is next to the user at the computer can easily spy on all the data, so using this type of request to transfer passwords is highly undesirable. Secondly, there is a limit on the length of the string that can be transferred from the site address field, which means that it will not be possible to transfer much data. However, the undoubted advantage of using GET requests is its ease of use and the ability to quickly query the site, which is especially useful during development, but that’s another story...
Now let's talk about POST requests. Smart readers may have realized that the main difference between this request and its counterpart is the secrecy of the transmitted data. If we consider an online store, a striking example where a POST request is used is registration on the site. The site asks for your data, you fill in this data and when you click on the “Registration” button you send your answer. Moreover, this data will not be displayed externally in any way. It is also worth noting that a fairly large amount of information can be requested - and the POST request has no restrictions. Well, if you touch on the minus, then such a request cannot be generated quickly. You can’t do this without special skills. Although in reality everything is not so difficult, but again, that’s another story.
Let's summarize. POST and GET requests are needed for “communication” between the user and the site. They are essentially almost the opposite of each other. The use of certain types of queries depends on the specific situation and using only one type of query is extremely inconvenient.