$_GET or $_POST?

[Maverickb7]

hello-- what is better to use and why? Also, I was wondering what would stop someone from sending information to one of my pages use $_GET if they find out the name of my varibles. How can I secure my code?

[wildteen88]

If you are dealing with submitting data from a form I would use the POST method and use $_POST to retrieve the submitted data. 99% of the time. I rarely use the GET method on a form to submit data as the data is showing in the URL which may show personal information, such as passwords etc. POST is more secure as it is hidden and the user can't see what data is being submitted.

The only time I use $_GET is on links when I need to send variables to my script to show different information. When I'm send data over the url I usually only accept certain keywords/numbers to be sent over. Such as if I only want numerical data to be sent over the URL I'll check the data that is being sent is a of a numerical value like so:
[code]<a href="?var=0125698">Send 0125698 over the url</a> | <a href="?var=hello">Send hello over the url</a>
<hr />
<?php

if(isset($_GET['var']) && is_numeric($_GET['var']))
{
    echo "Var is number!";
}
else
{
    die("<b>Script Terminated</b> - No/Invalid data being sent!");
}

?>[/code]When you run the script the first time it'll display:
[b]Script Terminated[/b] - No/Invalid data being sent!

Untill you click the first link. When you click the secound link it'll show the above message.

You should always validate any user input from any user as you don't know who is sending what to your page. The same applies to $_POST too.

[Vinze]

You actually only need $_GET when you want users to be able to copy the page's URL and give it to others who will then end up at the same page. You should use it e.g. with page's ID's.

I rarely use $_GET for forms, I just use them in my links.