How to Talk Like PHP: Part 2

One of the things that tripped me up a lot early on were predefined variables. These variables look like $_POST, $_GET, $_SERVER, $_FILES, ETC., er, I mean "etc." lowercase. They're like the establishment.

These tripped me up because most tutorials glaze over the details of what these actually [i]are[/i] or why we use them, but they are incredibly powerful and useful part of PHP. For instance, the $_POST function gives you information from a form.


<form action=script.php method=post>
    <input type=text name=input1 value=value1/>
    <input type=text name=input2 value=value2/>
    <input type=submit name=submit value=Submit />
</form>



Each of these parts of the <form> puts itself into an array the second you click the "Submit" button (because of that "method=post" attribute -- the other is "get", and you'll learn more about that below). The name of the variable of this array is $_POST. The items contained in this array look like this:


input1 => value1
input2 => value2
submit => submit

echo $_POST['input1'];
echo $_POST['input2'];
echo $_POST['submit'];

// The output will look like this:
value1value2submit



And, to wit, this $_POST variable array is only sent to the script with the attribute. More often than not, you'll be using this functionality to place items into a database, like so:


// This portion of code would be in that 'script.php' file mentioned in the form

// Assigning the POSTed data to more chewable variables
$input1 = $_POST['input1'];
$input2 = $_POST['input2'];

// Setting the query being sent to MySQL
$sql = "INSERT INTO database SET database1='$input1', database2='$input2'";

// Actually doing the command to MySQL (which can return a true/false)
mysql_query($sql);



[i]Please note that this is about as insecure as it gets, and shouldn't be used as a model for actually inputting database information, especially if it's being input by 3rd parties. For more advanced information on scrubbing inputs for MySQL, refer to this site (thanks to redditors for this addendum).[/i]

$_GET is like $_POST, only its array deals with the address bar. Just look at this page's address. When it's used as a method for a form (e.g., "method=get"), its values are appended to the URL, with a "?" placed at the end as a query separator automagically, and thereafter separated by "&".


http://www.ddrewdesign.com/home.php?cmd=article&id=84

// These are the values stored in the array $_GET
cmd => article
id => 84

// So if I echo the $_GET values...
echo $_GET['cmd'];
echo $_GET['id'];

// I get this in the output
article84



Hopefully, at this point, you get the gist of how these predefined variables work. Because they are predefined, remember not to use any variables of the same name. You'll get an error if you do.

And just so I'm perfectly clear, I'm by no means an authority on PHP. These are just some ways I wish someone had explained the language to me earlier on to help me learn it. The examples I use are far from efficient, and probably riddled with security holes. I welcome any advice to teach better examples.

Please be sure to read Part 1 of this series if you haven't already.