To access form data submitted via the GET method in PHP, use the $_GET superglobal array. 1) Only input fields with a name attribute are included in the $_GET array. 2) Values appear as strings with spaces converted to pluses and special characters URL-encoded. 3) Always check if a key exists using isset() or !empty() before accessing it. 4) Sanitize user input using htmlspecialchars() when displaying output. 5) Validate specific inputs like emails using filter_var(). 6) Avoid sensitive data in GET requests due to visibility, caching, and history risks. 7) Do not rely on GET for actions that change server state; use POST or DELETE instead.

When you need to access form data submitted via the GET method in PHP, you use the $_GET superglobal array. It’s straightforward: when a form is submitted with method="get", the data gets appended to the URL as query parameters, and PHP automatically parses them into the $_GET array.

Understanding How Form Data Appears in $_GET

When a user submits a form using the GET method, each input field with a name attribute becomes a key in the $_GET array. The value associated with that key is whatever the user typed or selected in the form.

For example, if your form looks like this:

<form action="process.php" method="get">
  <input type="text" name="username">
  <input type="submit" value="Submit">
</form>

And the user types "john_doe" into the username field, they’ll be taken to:

process.php?username=john_doe

In process.php, you can access this value like so:

echo $_GET['username'];

A few things to note:

• Only fields with a name attribute are included (not just id)
• Spaces become pluses ( ) and special characters get URL-encoded
• All values come in as strings

How to Safely Access and Use GET Data

Just because $_GET is easy to use doesn’t mean you should access it without checking first. You never want to assume a key exists.

Here's how to safely check for a value:

if (isset($_GET['username'])) {
    $username = htmlspecialchars($_GET['username']);
    echo "Hello, " . $username;
}

Some good practices:

• Always use isset() or !empty() before accessing a key
• Sanitize output with htmlspecialchars() if displaying user input
• Don’t trust user input — validate and filter everything

If you're expecting an email address, don't just accept any string:

if (isset($_GET['email']) && filter_var($_GET['email'], FILTER_VALIDATE_EMAIL)) {
    // valid email
}

Common Pitfalls and What to Watch Out For

GET requests are visible in the browser’s address bar, so they’re not suitable for sensitive information like passwords.

Also, since the data is part of the URL:

• It can be bookmarked or shared easily (sometimes a benefit)
• There’s a length limit depending on browser/server
• It’s cached by browsers and logged in history

One common mistake is forgetting that not all form submissions will include every possible parameter. If you build URLs manually with GET parameters, someone could easily change or remove them — always code defensively.

Also, avoid doing anything that changes server state based on a GET request. For example, deleting a user account via GET is considered bad practice — POST or DELETE methods are more appropriate for such actions.

That’s basically how $_GET works. It’s simple but powerful, and knowing how to handle it safely makes a big difference.

The above is the detailed content of How do I access form data submitted via GET using the $_GET superglobal?. For more information, please follow other related articles on the PHP Chinese website!