HTML, XHTML and CSS All-In-One for Dummies - Andy Harris [205]

the URL to indicate form data follows.

♦ Each field/value pair is listed. The question mark is followed by each field name and its associated value in the following format:

URL?field1=value1&field2=value2

♦ An equal sign (=) follows each field name. Each field name is separated from the value of that field by an equal sign (and no spaces).

♦ The field value is listed immediately after the equal sign. The value of each field follows the equal sign.

♦ Spaces are converted to hexadecimal symbols. get data is transmitted through the URL, and URLs are not allowed to have spaces or other special characters in them. The browser will automatically convert all spaces in field names or values to the %20 symbol. Other special characters (like ampersands and equal signs) are also automatically converted to special symbols.

Sometimes, the spaces are converted to + signs, rather than %20. It isn’t really that important because the conversion is done automatically. Just know that URLs can’t contain spaces.

♦ An ampersand (&) is used to add a new field name/value pair. This particular example (the URL created by askName.html) has only one name/value pair. If the form had more elements, they would all be separated by ampersands.

You don’t have to do any of the URL formatting. It automatically happens when the user clicks the submit button. You’ll also never have to decode all this, as PHP will do it for you.

If you understand how the get method works, you can take advantage of it to send data to programs without the original form. For example, take a look at this address:

http://www.google.com/search?q=dramatic%20chipmunk

If you type this code into your browser’s location bar, you’ll get the Google search results for a classic five-second video. (If you haven’t seen this video, it’s worth viewing.) If you know a particular server-side program (like Google’s search engine) uses the get protocol, and you know which fields are needed (q stands for the query in Google’s program), you can send a request to a program as if that request came from a form.

You can also write a link with a preloaded search query in it:

Google search for the dramatic chipmunk

How did I know how to write the Google query?

You might wonder how I knew what fields the Google engine expects. If the program uses get, just use the intended form to make a search and look at the resulting URL. Some testing and experience told me that only the q field is absolutely necessary.

This trick (bypassing the form) could be considered rude by some because it circumvents safety features that may be built into the form. Still, it can be helpful for certain very public features, like preloaded Google searches, or looking up weather data for a particular location through a hard-coded link.

If a user clicks the resulting link, he would get the current Google search for the dramatic chipmunk video. (Really, it’s a prairie dog, but “dramatic chipmunk” just sounds better.)

Of course, if you can send requests to a program without using the intended form, others can do the same to you. You can never be 100 percent sure that people are sending requests from your forms. This can cause some problems. Look at the next section for a technique to minimize this problem by reading only data sent via the post method.
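Because a get request can be typed by hand, the program that receives it has to re-check every value itself. The following is an added example, not code from the book: it builds a get URL the way a browser encodes a form, then validates the decoded fields on the receiving side. The form, its field names (userName, size), the 20-character limit and the example.com address are assumptions made for illustration.

```javascript
// Added example. The form, field names, limits and URL are constructed for illustration.

// Serialize fields the way a browser does for a get form.
// Form encoding turns a space into "+", "&" into "%26" and "=" into "%3D".
function buildGetUrl(action, fields) {
  return action + "?" + new URLSearchParams(fields).toString();
}

// What the (hypothetical) form would have allowed: a text box limited to
// 20 characters and a drop-down list with three options.
const RULES = new Map([
  ["userName", (v) => v.length >= 1 && v.length <= 20],
  ["size", (v) => ["small", "medium", "large"].includes(v)],
]);

// Receiving side: decode the query string and re-apply every rule, because
// the request may not have come from the form at all.
function validateQuery(url) {
  const params = new URL(url).searchParams; // decodes both "+" and "%20" to a space
  const clean = {};
  const errors = [];
  for (const [name, isValid] of RULES) {
    const values = params.getAll(name);
    if (values.length !== 1) {
      errors.push(`${name}: expected exactly one value, got ${values.length}`);
    } else if (!isValid(values[0])) {
      errors.push(`${name}: value not allowed`);
    } else {
      clean[name] = values[0];
    }
  }
  // Fields the form never had are rejected rather than silently ignored.
  for (const name of params.keys()) {
    if (!RULES.has(name)) errors.push(`${name}: unexpected field`);
  }
  return { ok: errors.length === 0, clean, errors };
}

// A request as the form would send it.
const fromForm = buildGetUrl("http://example.com/greet.php",
  { userName: "Andy & Co", size: "medium" });
console.log(fromForm);
console.log(validateQuery(fromForm));

// A hand-typed request that skips the drop-down list and adds a field.
console.log(validateQuery(
  "http://example.com/greet.php?userName=Andy%20Harris&size=huge&admin=1"));
```

The hand-typed request fails on the receiving side even though it is a perfectly legal URL, which is the only place such a check can be relied on.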


Using the post method to transmit form data

The get method is easy to understand because it sends all data directly in the URL. This makes it easy to see what’s going on, but there are some downsides to using get:

♦ The resulting URL can be very messy. Addresses on the Web can already be difficult without the added details of a get request. A form with several fields can make the URL so long that it’s virtually impossible to follow.

♦ All form information is user-readable. The get method displays form data in the URL, where it can easily be read by the user. This may not be desired, especially when the form sends potentially sensitive data.

♦ The amount
