Notes on the lesson Using the Query String of the Tuts+ Course PHP Fundamentals by Jeffrey Way.

These are my reference notes on the lesson Using the Query String of the Tuts+ Course PHP Fundamentals by Jeffrey Way.

Notes

The query string is everything that comes after the question mark in the URL, e.g. http://benpearson.com.au/index.php?name=jeffery&job=developer

The query string contains key-value pairs, e.g. name=jeffery and job=developer. They are separated with an ampersand.

$_GET is a super global.

The following PHP will display the associative array of the $_GET super global.

var_dump($_GET);

 

A GET request (GET is an HTTP verb) is only used when you are fetching and displaying data. It is not used to send data to update a database. You would use a POST request, read through $_POST, for that.

You need to test that an item exists in the super global before echoing it, otherwise PHP will display an error on the page. Here's an example of how this is done:

if ( isset( $_GET['job'] ) ) {
    echo $_GET['job'];
}

 

Assume all data received from the query string is dangerous, as the URL can be edited by the user.

Run everything you echo from the query string through htmlspecialchars() first. This will convert all your special characters into their HTML entities, e.g. < is converted to &lt;
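The two rules above (check with isset(), then escape with htmlspecialchars()) combined into one helper. This is an added example, not code from the lesson; the function name query_html() and the sample values assigned to $_GET are assumptions made up for illustration. It also covers a case the notes do not mention: a key sent as key[]=value arrives as an array, which htmlspecialchars() cannot accept.

```php
<?php
declare(strict_types=1);

// Constructed sample input so the script runs from the CLI (php example.php).
// It stands in for a URL such as:
//   index.php?name=jeffery&job=<script>alert(1)</script>&tags[]=a&tags[]=b
$_GET = [
    'name' => 'jeffery',
    'job'  => '<script>alert(1)</script>',
    'tags' => ['a', 'b'],   // ?tags[]=a&tags[]=b arrives as an array, not a string
];

/**
 * Hypothetical helper: return a query string value escaped for HTML output,
 * or $default when the key is missing or is not a plain string.
 * $default is written by the developer, so it is returned as given.
 */
function query_html(string $key, string $default = ''): string
{
    // isset() avoids the undefined-key error; is_string() rejects the
    // array form, which htmlspecialchars() would refuse with a TypeError.
    if (!isset($_GET[$key]) || !is_string($_GET[$key])) {
        return $default;
    }

    // ENT_QUOTES escapes both ' and " so the value is also safe inside a
    // quoted attribute. ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // instead of making the function return an empty string.
    return htmlspecialchars($_GET[$key], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Plain value: printed unchanged.
echo query_html('name'), PHP_EOL;

// Markup in the value: printed as entities, so a browser shows it as text.
echo query_html('job'), PHP_EOL;

// Array value and missing key: both fall back to the default.
echo query_html('tags', '(none)'), PHP_EOL;
echo query_html('missing', '(none)'), PHP_EOL;
```

This escaping is correct for HTML element text and quoted attribute values. A value placed inside a script block or a URL needs the encoding for that context instead.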
