I know result page that uses GET method can be bookmarked while the one using POST cannot be. I also know about the restrictions of the GET methods.

Now suppose I want to build a search engine which by default uses GET allowing users to bookmark but when the length of the search phrase exceeds the limit, switch to POST. On the server side I make use of $_GET or $_POST depending on which is set.

Is this doable?
If no, why?
If yes, please provide a brief outline.

Thanks

It is doable, no problem.

There is the $_REQUEST array that merges GET, POST, and COOKIE values but the better way would be to handle GET and POST manually in your script.

Just have your engine check both $_GET["variable"] and $_POST["variable"] and use whichever is set. If a variable is set in both methods, you need to decide which one you want to give precedence.

The only notable difference between the two methods is that a GET parameter has size limitations depending on browser and receiving web server (POST has limitations too, but they are usually in the range of several megabytes). I think the general rule is that a GET string should never exceed 1024 characters.

Here's how you could use GET and POST in one:

<form action="myfile.php?var1=get1&amp;var2=get2&amp;var3=get3" method="post">

    <input type="hidden" name="var1" value="post1" />
    <input type="hidden" name="var2" value="post2" />

    <input type="submit" />
</form>

The PHP:

print_r($_REQUEST);
// var1 = "post1"
// var2 = "post2"
// var3 = "get3"

print_r($_GET)
// var1 = "get1"
// var2 = "get2"
// var3 = "get3"

print_r($_POST);
// var1 = "post1"
// var2 = "post2"

You could use something like the following:

<?php
function getParam($key)
{    
    switch (true) {
        case isset($_GET[$key]):
            return $_GET[$key];
        case isset($_POST[$key]):
            return $_POST[$key];
        case isset($_COOKIE[$key]):
            return $_COOKIE[$key];
        case isset($_SERVER[$key]):
            return $_SERVER[$key];
        case isset($_ENV[$key]):
            return $_ENV[$key];
        default:
            return null;
    }    
} 

It's also as well to be aware that using GET opens up a temptation among certain sets of users to manipulate the URL to 'see what happens' so it's absolutely necessary to ensure that your code suitably sanitises the input variables.

Of course you were doing that anyway ;-). But with get it pays to be doubly paranoid.

Myself if I'm using GET I'll generally set a cookie too and drop an ID of some sort in it, then cross-correlate that to a variable in the GET list, just to make sure there's absolutely no issues over user A manipulating the input and letting them see anything originating with user B.

Yes its doable, although (IMHO) the limit at which GET becomes cumbersome is significantly greater than the threshold at which a user interface for providing this much information becomes unusable. Also, the more complex a query you submit to a conventional search engine, the more effectively it can be resolved.

But I'm guessing you have your reasons.

The simplest way, from the information you've provided, to achieve this would be to change the form method at run time from GET to POST using javascript, e.g.

<form method='GET' id='searchform' target='search.php' onsubmit='
  if (document.getElementById("searchdata")) {
    if ((document.getElementById("searchdata").length >$some_threshold) 
         && (document.getElementById("searchform"))) { 
         // 2nd if in case this moved to action for button 
         document.getElementById("searchform").method="POST";
     }
   }
 return true;'>
 <textarea name='searchdata' id='searchdata'>
 </textarea>
 <input type='submit' value='go get it'>
</form>

Which also downgrades nicely for non-javascript clients.

C.

function getQVar($key){
     return isset($_GET[$key]) ? $_GET[$key] : (isset($_POST[$key]) ? $_POST[$key] : null); 
}
echo getQVar("name");

Switch around $_GET and $_POST to prioritize POST over GET vars.