Can I use $_POST & $_GET at the same time?

Question

I have a following form:

<form action="doThis.php?warehouse=12" method="post">
  <input name="field1" type="text" />
  <input name="field2" type="text" />
</form>

And doThis.php:

$field1 = mysql_real_escape_string($_POST['field1'], $mysql);
$field2 = mysql_real_escape_string($_POST['field2'], $mysql);

$warehouse = $_GET['warehouse'];
if ( !someTableNameValidation($warehouse) ) {
    someErrorHandling();
}
$qry = "INSERT INTO table".$warehouse." ( field1, field2 ) VALUES( '$field2', '$field2') ";
$result = @mysql_query($qry, $mysql);

As you can see, I'm using $_POST to get data from the form, and $_GET to get variable $warehouse which is used to indicate table number.

Can I use both $_POST & $_GET at the same time? Is this kind of usage correct?

Answer 1

Yes you could. $_GET['warehouse'] will be taken from the query string, $_POST variables from submitted POST values.

Answer 2

Yes I always do that.

Also note you should never use mysql_query. Search for php PDO. Not to mention the awful @ for suppressing error

Answer 3

Yes, however it should be:

$field1 = $_POST['field1'];
$field2 = $_POST['field2'];

$warehouse = $_GET['warehouse'];

$qry = "INSERT INTO table".$warehouse." ( field1, field2 ) VALUES ('".mysql_real_escape_string($field2)."', '".mysql_real_escape_string($field2)."')";
$result = @mysql_query($qry);

(Fixed syntax)

Answer 4

I frequently use POST and GET together, so that the PHP side can know whether it was a normal form submission or via AJAX.

<form action='dest.php'>
.
.
.

vs

ajaxSubmit( 'dest.php?a=1', ... );

Answer 5

Yes, this is possible. But you could also use a hidden field:

<form action="doThis.php">
<input type="hidden" name="warehouse" value="12" />
<input name="field1" type="text" />
<input name="field2" type="text" />

Please be aware that your code is very vulnerable to sql injections!