Php Superglobals Get Post Request Files Complete Guide

 Last Update:2025-06-23T00:00:00     .NET School AI Teacher - SELECT ANY TEXT TO EXPLANATION.    6 mins read      Difficulty-Level: beginner

Understanding the Core Concepts of PHP Superglobals GET, POST, REQUEST, FILES

PHP Superglobals: GET, POST, REQUEST, FILES

Here’s a detailed explanation of the most commonly used PHP superglobals: $_GET, $_POST, $_REQUEST, and $_FILES.

1. $_GET

The $_GET superglobal is an associative array that stores data sent via the URL parameters (query string). Data passed via $_GET is visible to everyone (displayed in the URL) and has size limitations (usually around 2048 characters, depending on the browser and server settings).

Important Information:

  • Used in URL-based data transmission.
  • Accessible from http://example.com/page.php?var1=value1&var2=value2.
  • Best for non-sensitive data since it's appended to the URL.
  • Example: 
    // URL: http://example.com/page.php?name=John&age=30
echo $_GET['name']; // Outputs John
echo $_GET['age'];  // Outputs 30

2. $_POST

The $_POST superglobal is another associative array that holds data sent from an HTML form using the method="post" attribute. Unlike $_GET, $_POST sends data securely (not visible in the URL) and can handle much larger amounts of data.

Important Information:

  • Ideal for sensitive data like passwords.
  • Does not appear in the URL.
  • No size restrictions imposed by the URL length limit.
  • Example: 
    <form method="post" action="page.php">
  Name: <input type="text" name="name"><br>
  Email: <input type="email" name="email"><br>
  <input type="submit" value="Submit">
</form>

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
  // Collect and sanitize input data
  $name = htmlspecialchars($_POST['name']);
  $email = htmlspecialchars($_POST['email']);
}
?>

3. $_REQUEST

The $_REQUEST superglobal is also an associative array but combines the data from $_GET, $_POST, and $_COOKIE. It should be used with caution as it might introduce security risks if not properly handled.

Important Information:

  • A combination of $_GET, $_POST, and $_COOKIE.
  • Not recommended for secure data transmission due to potential security vulnerabilities.
  • Can be less clear since data sources are combined.
  • Example: 
    // URL: http://example.com/page.php?name=John
<form method="post" action="page.php">
  Name: <input type="text" name="name"><br>
  <input type="submit" value="Submit">
</form>

<?php
echo $_REQUEST['name'];
?>
    In this example, if both a query parameter and a form field named name exist, $_REQUEST['name'] will return the value from the POST data (if available), otherwise, it will return the value from the URL.

4. $_FILES

The $_FILES superglobal is used when handling file uploads through a web form. It contains information about uploaded files, including their temporary locations on the server, names, types, and sizes.

Important Information:

  • Contains file upload information.
  • Used with enctype="multipart/form-data" in form tags.
  • Provides various details such as name, type, size, tmp_name, and error.
  • Requires proper validation to prevent security issues like file injection attacks.
  • Example: 
    <form action="upload.php" method="post" enctype="multipart/form-data">
  Select image to upload:
  <input type="file" name="myFile">
  <input type="submit" value="Upload Image" name="submit">
</form>

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
  // Check if file was uploaded without errors
  if (isset($_FILES["myFile"]) && $_FILES["myFile"]["error"] == 0) {
    $allowed = ["jpg" => "image/jpg", "jpeg" => "image/jpeg", "gif" => "image/gif", "png" => "image/png"];
    $filename = $_FILES["myFile"]["name"];
    $filetype = $_FILES["myFile"]["type"];
    $filesize = $_FILES["myFile"]["size"];

    // Verify file extension
    $ext = pathinfo($filename, PATHINFO_EXTENSION);
    if (!array_key_exists($ext, $allowed)) die("Error: Please select a valid file format.");

    // Verify file size - 5MB maximum
    $maxsize = 5 * 1024 * 1024;
    if ($filesize > $maxsize) die("Error: File size is larger than the allowed limit.");

    // Verify MYME type of the file
    if (in_array($filetype, $allowed)) {
      // Check whether file exists before uploading it
      if (file_exists("upload/" . $filename)) {
        echo $filename . " is already exists.";
      } else {
        move_uploaded_file($_FILES["myFile"]["tmp_name"], "upload/" . $filename);
        echo "Your file was uploaded successfully.";
      } 
    } else {
      echo "Error: There was a problem uploading your file. Please try again."; 
    }
  } else {
    echo "Error: " . $_FILES["myFile"]["error"];
  }
}
?>

Summary:

  • $_GET: Data sent via URL parameters, visible and has size limitations. Suitable for non-sensitive data.
  • $_POST: Securely send data from HTML forms, not visible in the URL. Better for larger data sets and sensitive information.
  • $_REQUEST: Combines $_GET, $_POST, and $_COOKIE. Less secure and clear, should be avoided in security-critical applications.
  • $_FILES: Handle file uploads from forms using enctype="multipart/form-data", providing necessary file details and ensuring safe processing.

Each of these superglobals plays an essential role in different scenarios within web development, and understanding when and how to appropriately use them is key to creating effective and secure PHP applications.

Keywords for SEO:

PHP Superglobals, $_GET, $_POST, $_REQUEST, $_FILES, URL Parameters, HTML Forms, Method POST, Form Method, Data Transmission, Web Security, File Uploads, Data Handling, PHP Variables, Server-Side Processing, Form Validation, HTML Form Action, File Injection Attacks, Query String, PHP Array, Sanitize Input Data, File Types, HTTP Requests, Web Application Development, Server Configuration, Form Data, Security Best Practices, PHP Coding, Web Development Basics

Online Code run

🔔 Note: Select your programming language to check or run code at

💻 Run Code Compiler

Step-by-Step Guide: How to Implement PHP Superglobals GET, POST, REQUEST, FILES

Step 1: Understanding PHP Superglobals

PHP Superglobals are built-in variables that are always available in all scopes throughout a script. The most commonly used ones are:

  • $_GET - collects data from a URL query string (visible in the URL)
  • $_POST - collects data from HTML form submissions (invisible to the user)
  • $_REQUEST - collects data from $_GET, $_POST, and $_COOKIE
  • $_FILES - collects uploaded file data

Step 2: Using $_GET

Example: Passing Data via URL Query String

  1. Create an HTML Form with GET Method

    <!-- file: get_example.php -->
<!DOCTYPE html>
<html>
<body>
    <form action="process_get.php" method="get">
        Name: <input type="text" name="name"><br>
        Email: <input type="email" name="email"><br>
        <input type="submit">
    </form>
</body>
</html>

  2. Process the Form Data in PHP

    // file: process_get.php
<?php
if (isset($_GET['name']) && isset($_GET['email'])) {
    $name = htmlspecialchars($_GET['name']);
    $email = htmlspecialchars($_GET['email']);
    echo "Your name is $name and your email is $email.";
} else {
    echo "No data received.";
}
?>

Step 3: Using $_POST

Example: Submitting Data via HTML Form

  1. Create an HTML Form with POST Method

    <!-- file: post_example.php -->
<!DOCTYPE html>
<html>
<body>
    <form action="process_post.php" method="post">
        Name: <input type="text" name="name"><br>
        Email: <input type="email" name="email"><br>
        <input type="submit">
    </form>
</body>
</html>

  2. Process the Form Data in PHP

    // file: process_post.php
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['name']) && isset($_POST['email'])) {
    $name = htmlspecialchars($_POST['name']);
    $email = htmlspecialchars($_POST['email']);
    echo "Your name is $name and your email is $email.";
} else {
    echo "No data received or not using POST method.";
}
?>

Step 4: Using $_REQUEST

Example: Collecting Data from GET, POST, or COOKIE

  1. Create an HTML Form (similar to POST, but can also test with GET and COOKIE)

    <!-- file: request_example.php -->
<!DOCTYPE html>
<html>
<body>
    <form action="process_request.php" method="post">
        Name: <input type="text" name="name"><br>
        Email: <input type="email" name="email"><br>
        <input type="submit">
    </form>
</body>
</html>

  2. Process the Form Data in PHP

    // file: process_request.php
<?php
if (isset($_REQUEST['name']) && isset($_REQUEST['email'])) {
    $name = htmlspecialchars($_REQUEST['name']);
    $email = htmlspecialchars($_REQUEST['email']);
    echo "Your name is $name and your email is $email.";
} else {
    echo "No data received.";
}
?>

Step 5: Using $_FILES

Example: Uploading Files via HTML Form

  1. Create an HTML Form for File Upload

    <!-- file: file_upload_form.php -->
<!DOCTYPE html>
<html>
<body>
    <form action="file_upload.php" method="post" enctype="multipart/form-data">
        Select file to upload:
        <input type="file" name="myfile"><br>
        <input type="submit" value="Upload File" name="submit">
    </form>
</body>
</html>

  2. Process the Uploaded File in PHP

Top 10 Interview Questions & Answers on PHP Superglobals GET, POST, REQUEST, FILES

1. What are PHP Superglobals?

Answer: PHP Superglobals are built-in variables that are always available in all scopes throughout a script. They include $_GET, $_POST, $_REQUEST, $_FILES, and others like $_SERVER, $_COOKIE, $_SESSION, and $_ENV.

2. What is the $_GET Superglobal?

Answer: $_GET is a PHP Superglobal array that contains the values of the variables passed through the URL or query string. Data is visible in the URL, making it useful for bookmarking or sharing, but it's not secure for sensitive information.

Example:

// URL: http://example.com/index.php?name=John&id=123
echo $_GET['name']; // Outputs: John
echo $_GET['id'];   // Outputs: 123

3. What is the $_POST Superglobal?

Answer: $_POST is a PHP Superglobal array that holds the values of variables sent via the POST method in a form submission. Data is not visible in the URL, making it more secure for sensitive information like passwords.

Example:

// HTML form
<form method="post" action="process.php">
    <input type="text" name="username">
    <input type="password" name="password">
    <input type="submit">
</form>

// process.php
echo $_POST['username'];
echo $_POST['password'];

4. What is the $_REQUEST Superglobal?

Answer: $_REQUEST is a PHP Superglobal array that contains data from $_GET, $_POST, and $_COOKIE. It's less specific and can sometimes contain data unexpectedly if different methods are used, making it less secure and reliable compared to $_GET and $_POST.

Example:

// URL: http://example.com/index.php?name=John
<input type="text" name="name" value="Doe"> // Submitted via POST or GET

echo $_REQUEST['name']; // Outputs: John if using URL, or Doe if using POST

5. What is the $_FILES Superglobal?

Answer: $_FILES is a PHP Superglobal array that contains the file information uploaded via a form submitted with enctype="multipart/form-data". It's used to handle file uploads.

Example:

<form method="post" action="upload.php" enctype="multipart/form-data">
    Upload file: <input type="file" name="avatar">
    <input type="submit">
</form>

// upload.php
if ($_FILES['avatar']['error'] == UPLOAD_ERR_OK) {
    move_uploaded_file($_FILES['avatar']['tmp_name'], "uploads/" . $_FILES['avatar']['name']);
}

6. When should you use $_GET vs. $_POST?

Answer: Use $_GET for small amounts of non-sensitive data that can be bookmarked or shared, and for search queries or navigation through pages. Use $_POST for any form submission where data security is a concern, especially for sensitive information like passwords and financial data.

7. Is $_REQUEST a good practice?

Answer: Generally, using $_REQUEST is not recommended due to its ambiguity as it combines data from different sources, leading to potential security risks and debugging challenges. It's better to use $_GET or $_POST explicitly based on your needs.

8. Can $_GET or $_POST be empty?

Answer: Yes, $_GET and $_POST can be empty depending on whether data has been sent or not. Always check for the existence of keys using isset() before accessing them to avoid undefined index notices.

Example:

if (isset($_GET['name'])) {
    echo $_GET['name'];
} else {
    echo "Name not provided";
}

9. How do you handle file uploads errors with $_FILES?

Answer: When handling file uploads, always check for errors using $_FILES['fieldname']['error']. Errors are mapped to constants like UPLOAD_ERR_OK, UPLOAD_ERR_INI_SIZE, UPLOAD_ERR_FORM_SIZE, etc.

Example:

if ($_FILES['avatar']['error'] === UPLOAD_ERR_OK) {
    move_uploaded_file($_FILES['avatar']['tmp_name'], "uploads/" . $_FILES['avatar']['name']);
} else {
    echo "Upload error: " . $_FILES['avatar']['error'];
}

10. Is $_FILES['name']['type'] a reliable way to check file type?

Answer: No, $_FILES['name']['type'] is provided by the client and can be tampered with, so it's not reliable for validating file types. Always use functions like finfo_file() to check the MIME type of an uploaded file.

Example:

You May Like This Related .NET Topic

📥 Download Code ▶️ Watch Online 📖 Read Description

Login to post a comment.