Introducing
The purpose of this answer is just to clarify and put things on track.
Regarding the processing of data to make a request or sending data secure, the 4 existing answers, up to the date of publication of this reply, are enough to understand the basics on sanitization, filtering and validation of data, so let’s start to unravel the subject:
The global PHP variable, $_GET
This global variable is used to rescue data received by the GET method.
Simple as that, there’s not much to say.
Handbook: http://php.net/manual/en/reserved.variables.get.php
HTTP data sending methods
This is a subject that has nothing to do with PHP.
HTTP is a protocol used to transfer "hypertext" (Hypertext Transfer Protocol). General information on Wikipedia: https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
Therefore, the HTTP protocol is one thing and $_GET is a PHP resource.
A request by the GET method does not necessarily need to have parameters. An example, when entering the following address in a browser: /, will already be sending a request by the GET method. This is the standard method of sending data.
What is safe to send by GET method?
It is recommended to send only data non-sensitive. Sensitive data, private information such as passwords, credit card, login, etc.
The reason for not sending sensitive data through the GET method is because it is visibly very easy for anyone to obtain such data, even offline, as Urls are typically cached on the user’s device.
However, even the POST method should not send sensitive data without encryption.
Summarizing, in general, there is no problem in sending data by the GET or POST method or other rest methods.
It’s not GET’s fault
Part of the problem is the sloppy way people pass on information, in order to summarize a subject, they end up teaching in an inappropriate way. For example, the question you asked is meaningless. But I believe it is due to a subject that was addressed in the other answers, which is the processing and validation of the received data.
Validation of data by both GET and POST, if not done well, can lead to serious security issues.
Sending the data itself is not a problem because that is the HTTP protocol. What will affect the security or the correct functioning of the system you receive, that is, the responsibility of what will be done with the received data is entirely of the system that receives the data. It is also valid to point out that depending on the type of data being received, who sends also has responsibility, see what I mentioned above about sensitive data.
The HTTP protocol itself is just a road through which data flows.
The
$_GET
is not obsolete, is the variable$HTTP_GET_VARS
who is!– Oeslei
As @Oeslei reported it is not $_GET that this obsolete is $HTTP_GET_VARS. $HTTP_GET_VARS contains the same information initially, but is not a superglobal. (Note that $HTTP_GET_VARS and $_GET are different variables and that PHP handles them differently)
– Hiago Souza