Basic of $_GET variables (PHP)
June 6th, 2009 by Seich
Hello everyone, today I am posting a tutorial on the basic usage of the $_GET super variable in php. This tutorial was originally posted at the MWPS community forums, which almost never is read so I figured that this would be a better place for it to be. It goes through the basics of the $_GET variable and some basic usage examples.
First, I know most people will ask, especially if you are new with PHP, what’s so special about the $_GET Variable?
Well, there’s something really special about this variable, it allows you to get information directly from the url…. yeah that’s right there’s a way to get fast user input directly from the url no forms or anything, it doesn’t necessarily needs to be user input it can also be a script leaving behind some variables for the next script and many other uses you will be able to figure out by yourself after you are done with this tutorial…. the most know use for is used on most CMS and simple page scripts. Still figuring out how does it work? I am pretty sure you will recognize how it works with this example:
1 | http://www.martianwabbit.com/page.php?id=home |
In the above example you can see something odd about the url the “?id=home” after the file name well that’s exactly where your $_GET variables are gotten from. I guess some of you will just think of the thousands of possibilities this opens and, how you can use it to improve your scripts.
But how do I get the information stored on the “?id=home”?
That’s simple first of you need to know that the above its saying that “id” equals “home” just as a variable $x = y;. Now that you know what it means you should be able to get the information easily.
Well to use that information it is recommended that you assign a variable with it so, you could use it directly but you won’t be able to edit it along the script also this helps making it easier to call and read. This is how it works:
1 | $id = $_GET['id']; |
simple isn’t it? now you can call the variable using $id and you will see how it gets whatever text it’s on the url.
a simple way to see this in action is making a simple script:
1 2 3 4 5 6 | <?php //set $id 's value to whatever is contained on the url. $id = $_GET['id']; //echo the variable's value. echo("$id"); ?> |
In the above example we set $id with the value that came with url and then we echo ‘ed it.
This is the simplified basics behind this variable but you can use this for a multitude of things. Before we go on to the “multitude of things” I want to show you how to get multiple values from a single url, yep that’s right you aren’t limited to 1 variable after the ?, you are limited….well you are not limited on the number of values you can get from the url like this.
But how do I get multiple values from the url do I separate them with a comma or what?
well in fact you could separate them with a comma but that’s the less practical way the best way is to add additional values to the url like this:
1 | http://www.martianwabbit.com/page.php?id=20&page=2 |
Noticed how I added an additional variable and value there? yeah I simply added a &(meaning “and”) and added an additional Name = Value, please notice that there is no additional ? after the &.
ok now I have two variables to play with but how do I manipulate both of them?
well this simple example can explain it better than what I could:
1 2 3 4 5 6 7 | <?php $id = $_GET['id']; $page = $_GET['page']; echo("you are looking for $id's page $page"); ?> |
see how simple it is? if the file above was named “page.php” and I typed in:
1 | http://www.martianwabbit.com/page.php?id=home&page=2 |
In the browser I would get this:
1 | you are looking for home's page 2 |
Easy right? well this is how you add multiple variable names and values through the url.
Now what? What can I do with all this information I just learned? well, I decided to include a little practical example.
Remember that I mentioned that this is commonly used in simple page systems? Well this is how it’s done:
Imagine you want to have a specific page style to be used to display some articles you could make a new HTML page for each article (which would make you waste time and effort on ) or you could use a dynamic page to grab whatever page is requested from the url and simply append the contents to the page style you want to use.
If you voted for the second option this is a way of doing it, it might get a little out of the scope of the tutorial but its only to illustrate a use for it:
First, we need to make sure a value is always set, we going to use the variable $id and $page to specify a page name($id) and a page number($page). to make sure that there’s a variable value always not only when it’s specified on the url (i.e. to display a homepage) we do a simple check !isset (means “is not set”) if this is true then a default value is used. this is how it should look like:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | <?php //we set a default value in case no page is being looked for. if(!isset($_GET['id'])){ //in case no file is being looked up. $id = "Home"; }else{ //if theres a value. $id = $_GET['id']; } //we set a default value in case no page number is specified. if(!isset($_GET['page'])){ $page = "1"; }else{ //if theres a value look for it. $page = $_GET['id']; } ?> |
ok now we are sure the variable is always there next thing we need is the html, our “template” so we make a simple html template mine looks like this:
That’s enough for it to work. Okay, now it’s time to add some content. so we add a include into the body:
1 2 3 4 5 6 | <html> <title></title> </html> <body> <?php include("pages/$id-$page.php"); ?> </body> |
ok that should work perfectly but let’s add some additional stuff to make it look nicer and more dynamic… we can add a title dynamically getting it from the page name:
1 2 3 4 5 6 | <html> <title><?php echo("$id"); ?></title> </html> <body> <?php include("pages/$id-$page.php"); ?> </body> |
ok our tile is dynamically changed but this script is still missing some stuff for it to be practical we will add a file check before including the content and an error in case the file doesn’t exist:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | <html> <head> <title><?php echo("$id"); ?></title> </head> <body> <?php //make sure file exists before attempting to open it. if(file_exists("pages/$id-$page.php")){ //if it exists open the file. include("pages/$id-$page.php"); }else{ //in case file doesn't exist throw a error. echo("file not found"); } ?> </body> |
now it’s done you should have this or something quite similar to it:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 | <?php //By Seich(http://martianwabbit.com/) //we set a default value in case no page is being looked for. if(!isset($_GET['id'])){ //in case no file is being looked up. $id = "Home"; }else{ //if theres a value. $id = $_GET['id']; } //we set a default value in case no page number is specified. if(!isset($_GET['page'])){ $page = "1"; }else{ //if theres a value look for it. $page = $_GET['id']; } ?> <html> <!--html part--> <head> <!--set title dynamically depending on what file is being read.--> <title><?php echo("$id"); ?></title> </head> <body> <!--Change body Dynamically depending on the content--> <?php //make sure file exists before attempting to open it. if(file_exists("pages/$id-$page.php")){ //if it exists open the file. include("pages/$id-$page.php"); }else{ //in case file does not exist throw a error. echo("file not found"); } ?> </body> |
now you need to create a folder called “pages” in the same directory you have this script , files inside should be ending with a .php and should be named like this “name-number.php” starting from number 1 for it to work with no problems. With this you can now call the file using the a url.
1 | http://martianwabbit.com/page.php?id=name&page=2 |
this would open file : name-2.php in the body.
Okay, there you got it we have gone through all the basics behind the $_GET variable and now you know how special it is. You also know how practical it can be and how much time it can save you (as PHP can in general) and we also went through a practical example which can obviously be expanded as much as you want to make… idk… a full CMS or anything you can dream of…
Hope this helped you understand one important part behind PHP. if by any reason you don’t understand something or have a question or simply love it just leave a comment here.
Oouucchh…
it’s very easy but it takes more than 30 minutes before I found this post. Thanks so much bro.
I’m newbie on php
Thank’s man for your help.
:] I am glad someone found it useful..
Values in the GET array should not be trusted. You need to clean them before using them. Including files in this way opens your site up to reading arbitrary files on your web server. Try moving around the fs using ../../ and stuff. Also, echoing the unclean id in the title tag allows for Cross Site Scripting stuff like this: http://martianwabbit.com/page.php?id=alert(/XSS/);
Wordpress stripped out my tags. If you surround that JavaScript alert with script tags, it will execute and create a JS pop-up. I’ll paste the escaped html here, but wordpress might filter it again. I hope you get the idea.
page.php?id=<script>alert(/XSS/)</script>
Yes, I definately agree with you, this code example is by no means production safe and shouldn’t be used at all. It was mostly used to show how information from the $_GET array could be used.
Hi I just wan to ask :
if I have this var =”THE MAN”
can this var be sent by $_GET[] ? tx if you don’t mind pls reply to my email too.
rgds,
-daryl
If you had a variable $test = “hello World” you would be able to pass it on to the next page by adding “?test=Hello World” to the link.. that way you would be able to retrieve it using $test = $_GET['test']; if you are using a form or something of that kind I would recommend using $_POST stuff.. if you give me some few details about what you are trying to do I could be a little more specific..
Thanks Seich,
That helps introduce me to php and how the previous programmer structured our pages.
Drupal PHP Code Monkey says the GET array isn’t safe.
How do I make it production safe?
Do you have a tutorial?
I don’t really have a tutorial for that. Sorry. the thing about get variables is that you can freely edit them when you pass them. The best way to have them being safe is to check the values being passed with a very rigorous criteria. escaping characters, making sure it cannot do anything else than what you want it to.
If you tell me a little on what kind of thing you are trying to make I’ll gladly try to help you as much as possible.
Came accross this when searching google. Very helpful thank you!
Just have a question, I was wondering what bots like googles crawler see when you have pages like this? Do they struggle to index your entire site? Basically, it is good for SEO?
It is not really bad for SEO, you can take a look at wordpress for example, all pages are dynamically generated and it works fine with web-crawlers. Pages are pre-rendered by the server for the crawlers so, they see the same as you do. If you are interested in SEO the best thing to do is edit your .htaccess file so that your pages are something more meaningful (http://www.something.com/pagename/ rather than http://www.something.com/index.php?page=pagename). This is used by sites like wordpress and such. I would recommend you check out this tutorial for more information: http://net.tutsplus.com/tutorials/other/using-htaccess-files-for-pretty-urls/
This can be easily achieved if you are pulling information out of a mysql database since, you can just have the url be the query and figure some kind of organization mechanism. Just make sure to double-check for the value being entered to protect yourself from an sql injection as much as possible.