Wicked cool PHP: Fetching form variables


You should pull form data from predefined server variables. All data passed on to your web page via a posted form is automatically stored in a large array called

, and all GET data is stored in a large array called
. File upload information is stored in a special array called
. In addition, there is a combined variable called

To access the username field from a

method form, use
. Use
if the username is in the URL. If you don't care where the value came from, use


$post_value = $_POST['post_value'];
$get_value = $_GET['get_value'];
$some_variable = $_REQUEST['some_value'];


is a union of the
, and
arrays. If you have two or more values of the same parameter name, be careful of which one PHP uses. The default order is cookie, POST, then GET.

There has been some debate on how safe

is, but there shouldn't be. Because all of its sources come from the outside world (the user's browser), you need to verify everything in this array that you plan to use, just as you would with the other predefined arrays. The only problems you might have are confusing bugs that might pop up as a result of cookies being included.


Today's Tip was adapted from "Wicked Cool PHP" by William Steinmetz with Brian Ward, Published by No Starch Press.
Free Course: JavaScript: The Good Parts
View Comments
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies