Home/ Questions/Q 4615032
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T01:46:56+00:00

Are there any rules one needs to follow when naming POST variables in a

  • 0

Are there any rules one needs to follow when naming POST variables in a form or GET variables in a query string?

Thanks-

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    TO answer the question literally, there really are no “rules” I’m aware of for naming $_POST and $_GET array keys in php. It’s an array like any other. Take a look at this working example on Codepad:

    <?php
$_POST['♠♣♥♦'] = 'value1';
$_POST['\'\'\'\''] = 'value2';
$_POST['<?php echo "Hello World"; ?>'] = 'value3';
$_POST['     '] = 'value4';
$_POST[''] = 'value5';
$_POST['@#$%^&*()'] = 'value6';

print_r($_POST);

    In the case of form input names, they just have to be legal HTML “name” attributes (see below). However, in practice, a lot of unusual characters will actually work. Keep in mind that this doesn’t mean it’s a good idea. Different servers (and probably different browsers) will act differently with some characters like spaces for instance.

    As Tadeck has noted, duplicate keys will be overwritten by the last one when reading, but using brackets[] will solve this on the client side by turning the variable into an array.

    As far as naming conventions and best practices, there isn’t a lot of room. It’s suggested that you stick to A-Z a-z 0-9, dashes, and underscores. Although Ajay has suggested using database column names for form input names as a matter of convenience, many people will tell you that it is bad practice to expose information about your database to the public. I think invertedlambda probably has the closest answer here to the question, and Tadeck has the closest answer as far as best practices.

    Regarding HTML “name” attributes: http://www.w3.org/TR/html4/types.html#h-6.2

    ID and NAME tokens must begin with a letter ([A-Za-z]) and may be followed by any number of letters, digits ([0-9]), hyphens (“-“), underscores (“_”), colons (“:”), and periods (“.”).

    Maybe someone can enlighten me as to whether or not the above document is a rule or a recommendation, I’m by no means an expert on this subject. I seem to have no issues breaking some of these rules in practice. I also have no problem validating this example document as XHTML strict:

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title></title>
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=UTF-8" />
</head>
<body>
<div><form action="" method="post">
<div>
<input name="♠♣♥♦" />
<input name="''''" />
<input name=")(&amp;#$)%#$%" />
</div>
</form>
</div>
</body>
</html>

    Paste it into the validator, it will pass.

    One more best practice to add: Make your form input names or get/post keys meaningful, as with every other naming convention of course. Don’t use input1 and $_GET['param']. Use names that describe the meaning, like last_name or $_GET['sort_order'].

    • 0