Using the GET method in PHP for form handling involves sending form data through the URL query string. This method is suitable for scenarios where data is not sensitive and can be exposed in the URL. It’s typically used for search forms, filtering data, or other non-sensitive queries.

Steps for Form Handling with GET Method in PHP and MySQL

1. Create an HTML Form

Create an HTML form that uses the GET method to send data to a PHP script.

<!DOCTYPE html>
<html>
<head>
    <title>GET Form Handling</title>
</head>
<body>
    <form action="process_form_get.php" method="get">
        <label for="search">Search:</label>
        <input type="text" id="search" name="search" required>
        <br>
        <input type="submit" value="Search">
    </form>
</body>
</html>

• method="get": Specifies that the form data will be sent via the URL query string.
• action="process_form_get.php": The URL of the PHP script that will process the form data.

2. Process Form Data with PHP

Create a PHP script (process_form_get.php) to handle the data sent via the GET method. This script will validate and sanitize the input data, then interact with the MySQL database.

<?php
// Database connection
$host = 'localhost';
$username = 'username';
$password = 'password';
$database = 'database';

$conn = mysqli_connect($host, $username, $password, $database);

if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

// Get form data from query string
$search = $_GET['search'];

// Validate and sanitize input
$search = mysqli_real_escape_string($conn, $search);

// Prepare and execute SQL query
$sql = "SELECT * FROM users WHERE name LIKE '%$search%'";
$result = mysqli_query($conn, $sql);

if ($result) {
    if (mysqli_num_rows($result) > 0) {
        // Output data for each row
        while ($row = mysqli_fetch_assoc($result)) {
            echo "Name: " . $row['name'] . " - Email: " . $row['email'] . "<br>";
        }
    } else {
        echo "No results found";
    }
} else {
    echo "Error: " . mysqli_error($conn);
}

// Close the connection
mysqli_close($conn);
?>

• Database Connection: Use mysqli_connect() to connect to the MySQL database.
• Get Form Data: Use $_GET to retrieve data from the query string.
• Validate and Sanitize: Use mysqli_real_escape_string() to prevent SQL injection by escaping special characters.
• Prepare and Execute Query: Use mysqli_query() to execute the SQL query.
• Error Handling: Check if the query was successful and handle any errors.
• Close Connection: Close the database connection with mysqli_close().

3. Security Considerations

• URL Length Limitations: The GET method has limitations on URL length, which might be a concern for larger datasets or complex queries.
• Sensitive Data: Avoid using the GET method for sensitive data (like passwords) as the data is exposed in the URL.
• SQL Injection: Always sanitize inputs to prevent SQL injection attacks. Using prepared statements is recommended for better security.

4. Example Scenario

Suppose you have a database of users and want to search for users by name. The GET form allows users to enter a search term, and the PHP script queries the database to find and display matching records.

Complete Example Workflow

1. HTML Form: Collects search input and sends it to the PHP script via the GET method.
2. PHP Processing Script: Retrieves, sanitizes, and processes the form data. Queries the database and displays the results.
3. Display Results: The PHP script outputs the results to the user.