HTML forms and links send data via HTTP methods. PHP exposes query strings in $_GET and form bodies in $_POST.
GET — read, idempotent, bookmarkable
<a href="/search.php?q=php&page=2">Page 2</a>$q = trim($_GET['q'] ?? '');
$page = max(1, (int) ($_GET['page'] ?? 1));POST — mutations, larger payloads
<form method="post" action="/subscribe.php">
<input name="email" type="email">
</form>$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);Method selection
Use GET for safe reads (search, filters). Use POST for creates/updates/deletes. REST APIs also use PUT/PATCH/DELETE—often via frameworks or $_SERVER['REQUEST_METHOD'].
Playground note
Assign sample arrays to simulate input—the validation logic is what you practice here.
Important interview questions and answers
- Q: Why not put passwords in GET?
A: Query strings appear in logs, history, and Referer headers—use POST over HTTPS. - Q: filter_input vs raw $_POST?
A:filter_inputapplies validation/sanitization filters in one step.
Self-check
- Which superglobal holds
?page=2? - Why validate email with
FILTER_VALIDATE_EMAIL?
Challenge
Sanitize a search query
- Simulate
$_GET['q']with extra spaces. - Trim and reject empty queries.
- Echo the cleaned value.
Done when: output shows a trimmed, non-empty search string.
Interview prep
- GET vs POST?
GET for safe, idempotent reads in the query string; POST for mutations and sensitive data in the body—never passwords in GET.