Web Programming

HTTP Method GET, POST, and File Upload

 Aryo Pinandito, ST, M.MT

HTTP Method
HTTP Methods
 HTTP methods indicate the desired action to be
performed on the identified resource.
 What this resource represents, whether pre-
existing data or data that is generated
dynamically, depends on the implementation of
the server.
 The resource corresponds to a file or the output of
an executable residing on the server.
 The HTTP/1.0 specification defined the GET,
POST and HEAD methods
 HTTP/1.1 specification added 5 new methods:
OPTIONS, PUT, DELETE, TRACE and
CONNECT.
Sending Variables:
Request Method
 GET
 Requests data from a specified resource via URL
 However, client informations are sent in the form of
variables through URL as a Query String
 POST
 Submits data to be processed to a specified
resource
 Sending request variables through the POST body.
Variable name and it’s value will not be shown on
the URL
Query String
 In the World Wide Web, a query string is the
part of a Uniform Resource Locator (URL) that
contains data to be passed to web applications
such as a PHP or CGI programs.
 Each variables and its values are separated
with an equal sign (=)
 Each variables data name and value pair is
separated by an ampersand symbol (&)
 Query String in a URL
domain requested
name resource

http://domain.com/index.php?title=Main+Page&action=raw

protocol Top Level query string

name Domain
(TLD)
Variables and its values
will be sent to the resource
requested
Building Query String
 Writing a PHP program that generates a query
string attached to a URL using the following code
<?php $name = "Djoko"; ?>
<a href="http://domain.com?name=<?php echo $name; ?>">
Click Here
</a>

 When the code runs, it produces the following

output:
<a href="http://domain.com?name=Djoko">
Click Here
</a>
Sending Variables
through HTML Form
 Uses HTML <form> tag
 Set the requested resource to the action attribute
<form action="program.php">
...
</form>
 Set method attribute to controls the way that
information is sent to the requested resource on the
server.
<form action="program.php" method="GET">
or
<form action="program.php" method="POST">
GET Method
 Browser automatically appends the information
given from the HTML form to the URL when it
sends the page request to the web server
 Example:
<form action="test.php" method="GET">
 If the form is submitted then the page will be
redirected to:
http://domain.com/test.php?color=red&speed=70
POST Method
 However, information in the form is sent in the
body of http request and doesn’t appear in the
URL using POST method

<form action="myprogram.php" method="POST">

<input name="color" value="red" />
<input name="email" value="name@domain.com" />
</form>
HTML Standard Form
Input Fields
 Text Fields
<input type="text" name="text1" />

 Password Field
<input type="password" name ="pass" />

 Radio Buttons
<input type="radio" name="radio1" value="Men" />
<input type="radio" name="radio1" value="Women" />

 Checkboxes
<input type="checkbox" name="vehicle" value="Bike" />

 Submit Button
<input type="submit" value="Submit" />

 Hidden fields
<input type="hidden" name="product_id" value="122" />
POST and GET Variables
Retrieval
 Retrieved using PHP's super global arrays
 $_GET for variables sent using GET method
 $_POST for variables sent using POST method
 $_REQUEST for variables sent using GET or
POST
$color = $_GET['color'];
value will be variable
stored here name

Change $_GET to $_POST or $_REQUEST accordingly

Example
 URL
http://domain.com/process.php?name=Aryo
 In PHP
<?php
echo "Welcome, " . $_GET['name'] . ".";
?>
 Will produce:
Welcome, Aryo.
Change $_GET to $_POST or $_REQUEST accordingly
Upload File
 Use a form with POST method and encoding type
multipart/form-data
 Use input control with type: file

<form action="upload.php" method="post"

enctype="multipart/form-data">
Select image to upload:
<input type="file" name="upfile">
<input type="submit"
value="Upload Image" name="submit">
</form>
Handling File Upload
 The global $_FILES will contain all the
uploaded file information.
 Note that this assumes the use of the file
upload name upfile, as used in the example
script above. This can be any name.
 $_FILES['upfile']['name']
 The original name of the file on the client machine.

 $_FILES['upfile']['size']
 The size, in bytes, of the uploaded file.
Handling File Upload (2)
 $_FILES['upfile']['type']
 The mime type of the file, if the browser provided this
information. An example would be "image/gif". This mime
type is however not checked on the PHP side and
therefore don't take its value for granted.
 $_FILES['upfile']['tmp_name']
 The temporary filename of the file in which the uploaded
file was stored on the server.
 $_FILES['upfile']['error']
 The error code associated with this file upload.
Handling File Upload
Example
$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir .
basename($_FILES['upfile']['name']);

if (move_uploaded_file($_FILES['upfile']['tmp_name'],
$uploadfile)) {
echo "File is valid,
and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}

If upload directory is the same as PHP file that handle the file upload, then
you can change the $uploaddir value to "."
Questions?