Language
日本語
English

Caution

JavaScript is disabled in your browser.
This site uses JavaScript for features such as search.
For the best experience, please enable JavaScript before browsing this site.

PHP Dictionary

  1. Home
  2. PHP Dictionary
  3. $_GET / $_POST / $_REQUEST

$_GET / $_POST / $_REQUEST Since: PHP 4(2000)

Superglobal variables for retrieving request data sent from the client. Used to receive form input values and URL query parameters.

Syntax

// Retrieves a URL query parameter.
$_GET['key'];

// Retrieves data sent via a POST request.
$_POST['key'];

// Retrieves request data from both GET and POST.
$_REQUEST['key'];

// Retrieves information about an uploaded file.
$_FILES['input_name'];

Variable List

VariableDescription
$_GETStores data retrieved from the URL query string. Data sent in the format ?key=value is stored as an associative array.
$_POSTStores data sent via the HTTP POST method. Values submitted from a form with method="post" are stored here.
$_REQUESTA merged array of $_GET, $_POST, and $_COOKIE. When keys conflict, priority depends on the php.ini settings.
$_FILESStores information about uploaded files. Contains the keys name, type, tmp_name, error, and size.

$_FILES Structure

KeyDescription
nameThe original filename on the client side.
typeThe MIME type of the file. This value is supplied by the client and should not be trusted.
tmp_nameThe path to the file temporarily saved on the server.
errorAn error code related to the upload. UPLOAD_ERR_OK indicates success.
sizeThe file size in bytes.

Sample Code

<?php
// Retrieve URL parameters with $_GET.
// URL: example.php?page=3&sort=date
$page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
$sort = isset($_GET['sort']) ? $_GET['sort'] : 'date';
echo "Page: " . $page; // Outputs 'Page: 3'.

// Retrieve form data with $_POST.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
	$name = isset($_POST['name']) ? trim($_POST['name']) : '';
	$email = isset($_POST['email']) ? trim($_POST['email']) : '';

	// Validate the input.
	if (empty($name)) {
		echo "Please enter your name.";
	} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
		echo "Please enter a valid email address.";
	} else {
		echo "Registration complete: " . htmlspecialchars($name);
	}
}

// Use filter_input() for safer value retrieval.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id !== false && $id !== null) {
	echo "ID: " . $id; // The value is a validated integer.
}

// Handle file uploads with $_FILES.
if (isset($_FILES['avatar']) && $_FILES['avatar']['error'] === UPLOAD_ERR_OK) {
	$tmpName = $_FILES['avatar']['tmp_name'];
	$fileName = basename($_FILES['avatar']['name']); // Prevents path traversal.
	$fileSize = $_FILES['avatar']['size'];

	// Check the file size.
	if ($fileSize > 2 * 1024 * 1024) {
		echo "File size must be 2 MB or less.";
	} else {
		$ext = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
		$allowed = ['jpg', 'jpeg', 'png', 'gif'];
		if (in_array($ext, $allowed, true)) {
			$newName = uniqid() . '.' . $ext;
			move_uploaded_file($tmpName, 'uploads/' . $newName);
			echo "Upload complete: " . htmlspecialchars($newName);
		}
	}
}

Notes

$_GET and $_POST are superglobal variables for receiving data submitted by the client. Data sent by users can always be tampered with, so always validate and sanitize it. When outputting to HTML, escape with htmlspecialchars(); when passing to SQL, use prepared statements.

$_REQUEST contains both $_GET and $_POST, but since you cannot tell which method was used to submit the data, its use is not recommended. To check the request method, use $_SERVER["REQUEST_METHOD"].

filter_input() is a convenient way to safely retrieve input values. Because it handles both validation and sanitization at once, it is safer than accessing $_GET or $_POST directly.

If you find any errors or copyright issues, please .

シェアするシェアする
このエントリーをはてなブックマークに追加