Originally Posted by countrydj
I must admit, I don't really know when to use POST and when to use GET.
Is there a rule of thumb ???.
When the data is passed in a querystring (that is after a ? as part of a web address) then you read it using $_GET.
If the data is being passed from a form that has method="POST" then you read it using $_POST.
Note that in both cases you should validate the content received looks reasonable before moving it to another field for subsequent processing by your code - preferably validation but at least sanitize the data before moving it. That way you keep the tainted fields separated from the untainted ones.