PHP Input Methods
Superglobals Overview
Section titled “Superglobals Overview”PHP automatically collects input data into special arrays called superglobals. These arrays are available everywhere in your script without any setup.
Think of superglobals as different mailboxes where PHP sorts incoming data based on how it arrived.
Key superglobals: $_GET, $_POST, $_FILES, $_COOKIE, $_SESSION, $_ENV
Choosing the Right Method
Section titled “Choosing the Right Method”Match the input method to your specific needs and security requirements.
1. GET Query String Parameters
Section titled “1. GET Query String Parameters”- Use for: Search queries, pagination, filters, shareable URLs
- Limitation: Visible in URL, size restricted, not secure for sensitive data
Syntax:
// URL: script.php?param1=value1¶m2=value2$param1 = $_GET['param1']; // "value1"$param2 = $_GET['param2']; // "value2"// URL: script.php?name=John&age=25$name = $_GET['name']; // "John"$age = $_GET['age']; // "25"
// Always check if parameter exists$search = $_GET['query'] ?? 'default';2. POST Data
Section titled “2. POST Data”- Use for: Form submissions, user registration, login, data modification
- Advantage: Hidden from URL, handles large amounts of data
// From HTML form with method="POST"$username = $_POST['username'];$email = $_POST['email'];
// Validate before usingif (!empty($_POST['username'])) { echo htmlspecialchars($_POST['username']);}3. Command Line Arguments
Section titled “3. Command Line Arguments”- Use for: Automation scripts, batch processing, system utilities
- Perfect for: Cron jobs and developer tools
// Command: php script.php file.txt backup$scriptName = $argv[0]; // "script.php"$filename = $argv[1]; // "file.txt"$action = $argv[2]; // "backup"$argCount = $argc; // 34. File Uploads
Section titled “4. File Uploads”- Use for: User file uploads, attachments, documents
- Best practice: Implement security checks (size, type, location)
// HTML: <input type="file" name="document">$file = $_FILES['document'];$name = $file['name']; // Original filename$tmpPath = $file['tmp_name']; // Temporary location$size = $file['size']; // File size in bytes
if ($file['error'] === UPLOAD_ERR_OK) { move_uploaded_file($tmpPath, "uploads/" . $name);}5. Cookies
Section titled “5. Cookies”- Use for: User preferences, shopping cart, remember settings
- Limitation: 4KB size limit, can be disabled by users
// Set cookie (before any output)setcookie('theme', 'dark', time() + 3600); // 1 hour
// Read cookie$theme = $_COOKIE['theme'] ?? 'light'; // Default to light6. Sessions
Section titled “6. Sessions”- Use for: User authentication, shopping carts, multi-step forms
- Advantage: Server-side storage, secure, larger data capacity
session_start(); // Always call first
// Store data$_SESSION['user_id'] = 123;$_SESSION['username'] = 'alice';
// Read dataif (isset($_SESSION['user_id'])) { echo "Welcome, " . $_SESSION['username'];}7. Environment Variables
Section titled “7. Environment Variables”- Use for: Configuration, API keys, database credentials
- Best practice: Keep sensitive data out of source code
// Read configuration from environment$dbUrl = $_ENV['DATABASE_URL'];$apiKey = getenv('API_SECRET');$debug = $_SERVER['APP_DEBUG'] ?? 'false';
// Set environment variableputenv('TEMP_PATH=/tmp/myapp');8. Standard Input (STDIN)
Section titled “8. Standard Input (STDIN)”- Use for: Interactive CLI scripts, data processing pipelines
- Works with: Pipes (
echo "data" | php script.php) and file redirection
// Interactive command line inputecho "Enter your name: ";$name = trim(fgets(STDIN));
// Read until end of file$allInput = stream_get_contents(STDIN);Security Essentials
Section titled “Security Essentials”Every external input is potentially dangerous until validated.
- Golden Rule: Never trust user input directly
- Validate all input data (type, length, format)
- Use
htmlspecialchars()for output - Use prepared statements for database queries
- Check file uploads carefully
- Implement input filtering early in your application