GET and POST are the same from security perspective (use SSL insteed). GET is recommended for pages requiring bookmarking. GET will limit the size and type of data to be send. POST is the only method for uploading files.


To create an url that contains query data, use urlencode(). PHP interpreter automatically decodes data for us
$value = "A&B";

echo "" . urlencode($value);
    // data=A+%26+B

echo $_GET['order']['by']; // Outputs: column

File Uploads

Enctype='multipart/form-data' Upload checks: error, tmp_name, size, is_uploaded_file Filter and change the file name
<form enctype="multipart/form-data" 
        action="index.php" method="post">
    <input type="hidden" name="MAX_FILE_SIZE" value="50000" />
    <input name="filedata" type="file" />
    <input type="submit" value="Send file" />
MAX_FILE_SIZE is almost entirely meaningless, since it sits on the client side. Use insteed.
# Maximum size of POST data that PHP will accept.
post_max_size = 8M

# Maximum amount of time each script may spend parsing request data
max_input_time = 60    
# Maximum allowed size for uploaded files.
upload_max_filesize = 2M
Once a file is uploaded to the server, PHP stores is in a temporary location.
<form enctype="multipart/form-data" 
        action="index.php" method="post">
    <input name="filedata" type="file" />
    <input type="submit" value="Submit" />
if(!empty($_FILES['filedata']['tmp_name']) && 
    $_FILES['filedata']['error'] === 0 && 
    $_FILES['filedata']['size'] > 0){
    if (is_uploaded_file($_FILES['filedata']['tmp_name'])) {
        // move and rename    

  Last update: 297 days ago