PHP Tutorial 7: $_POST and $_GET Functions

$_GET and $_POST method difference

PHP provides two functions to handle form processing. The two methods are $_POST and $_GET. Well both the methods perform same operation. The difference lies in the method they operate. Let’s bring them head to head and show you which one is more secure in operation.

Security is the top most priority when it comes to sending form inputs from browser to the server.

1. When it comes to operation function $_GET is less secure but effective than $_POST.

2. $_GET has limitations over sending data. You can only send hundred words of data with $_GET at a time.

3. There is a visible difference between both these methods as well. As you enter the values into the form and click the submit button the link in the browser or URL gets extended. That means values are passed using URL. Unlike $_GET , $_POST is independent of URL. There is nothing happening on the link while sending the inputs.

Let us show you both the operations using simple examples for each.

Suppose this is the form which takes the inputs


Below is the difference in the methods at which both methods operate. Though they give same results.

$_GET and $_POST method difference

I have a simple code that could explain the implementation of $_GET method.

Here’s the source code :

save the below as test.html. You can see GET method being used in
<form action=”welcome.php”  method=”get”>. GET method is used to invoke welcome.php  script.


<form action="welcome.php" method="GET">
Name: <input type="text" name="fname" />
From: <input type="text" name="from" />
You like to play: <input type="text" name="play" />
<input type="submit" />


welcome.php: Save the below file using welcome.php . You can see PHP $_GET is used to get the inputs from the above script.



echo "Your name is".$name."<br>";
echo "Your are from".$from."<br>";
echo "You play".$play."<br>";
Thank you 


Where is the security? PHP $_POST finds itself more secure. The reason is simple; values of the inputs are not visible to the user and it should be. The main reason is you don’t want to show value of the password being transferred from browser to the script that validates the password to appear in the URL. In case there is a scenario where your browser is cached then the stalker or the spying person may get the details of the values passed from the browser.

To Top