Difference between GET and POST? what should i use specially for sending data to a Database ?or carr-CodePudding

Question about GET and POST in PHP. i wonder what is the difference between POST and GET and when do you use them respectively? so as far from i tried, GET can also show the data in the link.

for example, the name of my link is Localhost/index.php then inside my php file is an input box and a submit button. if for example i use GET, if i click the submit button, it will take the data i put in inputbox(for example, name) and add it to the link. so the link now is Localhost/index.php/?name=Tina i think this is how GET works. but if i use POST, it will not show the input data in the link and it will remain Localhost/index.php. (atleast, from what i practice)

i wonder what are other differences between the two and when they should be use? for example im making a website(ex: sign up website) that will take information and send it to a database in MySQL..or the webpage should carry over the from this webpage to another webpage. should i use GET or POST?

CodePudding user response：

You are kind of overthinking it. It is as simple as: POST - used to post(send) data to the database. GET - used to get(fetch) data from the database.

So in the case of the form, what you need to do is a POST request, so you send the data to MySQL. And in order to retrieve that data, you will perform a GET request.

See this https://www.geeksforgeeks.org/http-get-post-methods-php/ for a comprehensive explanation.

CodePudding user response：

Keeping it very short:

You never-ever should pass any sensitive information over GET method, because it's visible by logs, by your internet provider/router, third parties.. such as google analytics and more.

A common use of GET is when you allow users to change the parameters of a page they see.. i.e. search parameters or the number of products per page.

POST when you want to send information to the server "privately" and (preferably) with a nonce to make it sendable only once.

But regardless of a method - POST or GET - sanitise, sanitise, sanitise.. that is what you need to really worry about. User input should not be accepted as is when you receive it, kinda #1 rule on the internet.