WEB forms are an essential mechanism for receiving various types of information from users on websites. They are widely used in many scenarios such as inquiries, surveys, membership registration, and login. Data submitted through forms must be processed and received on the server side, with GET and POST being the representative methods for this.
In this article, we will explain these basic methods of receiving data and deepen understanding through simple working form examples. We also introduce concrete code examples that are easy for beginners to understand, so please refer to them.

Retrieve entered values using GET

One of the form submission methods is “GET.” GET sends the data entered in the form appended as parameters at the end of the URL. It is often used when transitioning to a search results page after entering a keyword in a search form.
GET mainly has the following characteristics and appropriate use cases.

Features of GET

  • Data is displayed in the URL
    The information sent via the form is included in the URL in the format ?key=value&key2=value2. This makes it easy for users or third parties to view the submitted content, but it is unsuitable for sending sensitive information or large amounts of data.
  • Limited data size
    Because browsers and servers impose limits on URL length, the amount of data that can be sent is practically limited to a few thousand characters. For sending large amounts of data, using POST is recommended.
  • Easy to bookmark and share
    Since the data is contained in the URL, the state of the submitted results can be bookmarked or shared with others as is. For example, you can copy the URL of search results and send it via email.

Code example (HTML + PHP)

<!-- sample_get.html -->
<form method="get" action="get_receive.php">
  Name: <input type="text" name="username">
  <input type="submit" value="Submit">
</form>

<!-- get_receive.php -->
<?php
if (isset($_GET['username'])) {
    // Escape special characters of the input value to prevent XSS attacks
    $name = htmlspecialchars($_GET['username'], ENT_QUOTES, 'UTF-8');
    echo "Hello, " . $name . "!";
} else {
    echo "Name has not been entered.";
}
?>

Explanation

In this example, the method="get" attribute of the <form> tag sends the user-entered “username” value as a query parameter in the URL.
On the PHP side, the superglobal variable $_GET receives the submitted value, and isset checks if the value exists. If a value exists, the htmlspecialchars function converts HTML special characters (e.g., <, >, ") into safe strings for display. This is an important process to prevent cross-site scripting (XSS) attacks.
If no name is submitted, a message indicating no input is displayed.
Because GET is simple and easy to handle, it is suitable for situations where you want to retrieve information and immediately display the result.

Retrieve entered values using POST

Another representative form submission method is “POST.” POST sends the data entered in the form within the HTTP request body, so the data does not appear in the URL.
Due to this characteristic, it is suitable for sending highly confidential data such as login forms, passwords, and personal information. Also, POST has practically no limitation on the amount of data sent and supports sending large amounts of text and files.

Features

  • Data is not displayed in the URL
    Data is included in the HTTP request body, so the browser’s address bar does not show the submitted content. This prevents third parties from easily viewing the submission content from the URL, providing better privacy protection.
  • Can send large amounts of data
    Unlike GET, it is not limited by URL length, making it suitable for sending larger data such as text or files within the form.
  • More secure than GET, but HTTPS is required for encryption
    Because data is not included in the URL, it is harder for third parties to see it, but the content is not encrypted by default. To prevent eavesdropping during transmission, HTTPS must always be used.

Code example (HTML + PHP)

<!-- sample_post.html -->
<form method="post" action="post_receive.php">
  Email: <input type="email" name="email" required>
  <input type="submit" value="Submit">
</form>

<!-- post_receive.php -->
<?php
if (isset($_POST['email'])) {
    // Escape special characters of the entered email to prevent XSS
    $email = htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8');
    echo "Submitted email address: " . $email;
} else {
    echo "Email address has not been entered.";
}
?>

Explanation

The method="post" attribute of the <form> tag sends the form data as the HTTP request body to the server. PHP uses the superglobal variable $_POST to receive the submitted data.
The isset() function checks whether the input value exists, and if so, the htmlspecialchars() function converts HTML special characters to prevent security risks such as XSS (cross-site scripting).
POST submissions do not include data in the URL, so it is not suitable for sharing information like search results, but it is appropriate for sending important information such as user passwords and email addresses.
Also, uploading large amounts of text or files is generally done via POST. When the form input contains user privacy-related content, it is essential to use HTTPS communication to encrypt the data.

About SERVER variables

PHP’s $_SERVER is a superglobal variable that holds information about the server environment and HTTP requests. It provides various details about the PHP script execution environment in an array format and allows access to data such as the form submission source, request type, server name, and user agent. It is very useful for form processing, page control, logging, debugging, and plays a foundational role in controlling dynamic behavior of web applications.

Common examples

  • $_SERVER['REQUEST_METHOD']
    Gets the current HTTP request method name.
    Typical values returned are “GET” or “POST,” used to determine how the form was submitted.
  • $_SERVER['PHP_SELF']
    Returns the file path of the currently executing script.
    Used, for example, when submitting a form to the same file.
    HTML escaping is essential for XSS prevention.
  • $_SERVER['QUERY_STRING']
    Gets the query string part of the URL (the parameters after the ?).
    Useful for raw inspection of URL parameters or logging.
  • $_SERVER['HTTP_HOST']
    Gets the hostname to which the request was sent.
    For example, “example.com” or “localhost” is returned.
  • $_SERVER['REMOTE_ADDR']
    Gets the client (user) IP address.
    Used for access logging or access restrictions.
  • $_SERVER['HTTP_USER_AGENT']
    Gets the user’s browser information (user agent).
    Helps in browser and device detection.
  • $_SERVER['SCRIPT_FILENAME']
    Returns the absolute path of the running script.
    Useful when dynamically obtaining file paths.

Code example

<?php
echo "Request Method: " . $_SERVER['REQUEST_METHOD'] . "<br>";
echo "Current Page: " . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . "<br>";
echo "Query String: " . htmlspecialchars($_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8') . "<br>";
echo "Host Name: " . $_SERVER['HTTP_HOST'] . "<br>";
echo "Client IP Address: " . $_SERVER['REMOTE_ADDR'] . "<br>";
echo "User Agent: " . htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8') . "<br>";
echo "Script Path: " . $_SERVER['SCRIPT_FILENAME'] . "<br>";
?>

Explanation

$_SERVER contains various information about the server and client as shown above.
For example, using $_SERVER['REMOTE_ADDR'] allows you to get the user’s IP address, which can be used for access control or logging.
$_SERVER['HTTP_USER_AGENT'] helps identify the user’s browser and OS, useful for responsive design or avoiding issues with specific browsers.
Also, $_SERVER['HTTP_HOST'] is convenient to dynamically get the current domain name.
By combining this information, you can create more advanced and flexible web applications.

Example of submitting a name

This is a simple form example where you input a “name” and submit it, and a greeting is returned.

Code example (HTML + PHP)

<!-- name_form.php -->
<form method="post" action="">
  Name: <input type="text" name="username" required>
  <input type="submit" value="Submit">
</form>

<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['username'])) {
    $name = htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8');
    echo "<p>Hello, " . $name . "!</p>";
}
?>

Explanation
This example includes PHP and HTML in the same file. It checks whether the request method is POST using $_SERVER['REQUEST_METHOD'] and displays a greeting if the name has been entered.

Example of an addition form

This practical example inputs two numbers and displays the sum. The form inputs are converted to numbers and calculated.

Code example (HTML + PHP)

<!-- add_form.php -->
<form method="post" action="">
  Number 1: <input type="number" name="num1" required>
  Number 2: <input type="number" name="num2" required>
  <input type="submit" value="Calculate">
</form>

<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $num1 = isset($_POST['num1']) ? (int)$_POST['num1'] : 0;
    $num2 = isset($_POST['num2']) ? (int)$_POST['num2'] : 0;
    $sum = $num1 + $num2;
    echo "<p>Result: {$num1} + {$num2} = {$sum}</p>";
}
?>

Explanation
Using type="number" encourages numeric input, and on the PHP side, the inputs are cast to integers with (int) for calculation. You can safely process the values submitted by the user and dynamically display the result.