ScotlandComputer ScienceSyllabus dot point

How does server-side PHP process a form and read or write a database to make a site dynamic?

Implement server-side functionality with PHP, handling form data with GET and POST, using sessions, and connecting to a database to run SQL queries from a web page.

A focused answer to the SQA Advanced Higher Computing Science content on server-side scripting, covering PHP, handling form data with GET and POST, sessions, and connecting a web page to a database to run SQL.

Generated by Claude Opus 4.813 min answerUpdated 2026-06-16

Reviewed by: AI editorial process; not yet individually human-reviewed

Have a quick question? Jump to the Q&A page

Jump to a section

What this dot point is asking
Server-side scripting with PHP
Handling form data: GET and POST
Sessions
Connecting to a database
Try this

What this dot point is asking

The SQA wants you to write server-side code in PHP: receive data submitted from an HTML form, process it, keep track of a user across pages with sessions, and connect to a database so a web page can read and write stored data. This server-side layer is what turns a static site into a dynamic, data-driven one.

Server-side scripting with PHP

PHP runs on the web server, not in the browser. When a page is requested, the server executes the PHP, which produces HTML that is sent to the browser; the user never sees the PHP source. This makes it the right place for anything that must be trusted or hidden: processing form submissions, applying business rules, and talking to a database.

Handling form data: GET and POST

An HTML form sends its fields to a PHP script using one of two methods. GET appends the data to the URL as a query string, so it is visible in the address bar, can be bookmarked, and is limited in length; it suits harmless data such as a search term. POST sends the data in the body of the request, hidden from the URL and effectively unlimited in length; it suits sensitive or large data such as a password or a long message. PHP reads the values from the matching superglobal array.

Reading a submitted form

Set the form method

The form declares how it sends data and where.

<form method="post" action="process.php">
  <input type="text" name="username" />
  <button>Send</button>
</form>

Read it in PHP

The script reads the named field from the POST data.

 $name =$ _POST["username"];

Choose the method deliberately

Use POST for a login so the password never appears in the URL or browser history; use GET for a shareable search query.

Sessions

HTTP is stateless: each request is independent, so the server does not naturally remember a user between pages. A session fixes this by storing data on the server, tied to the user by a session identifier, so information such as "this user is logged in" or the contents of a basket persists as they move through the site. PHP starts a session and stores values in the session superglobal.

session_start();
 $_SESSION["user"] =$ name;

Connecting to a database

The most important server-side job is making a page data-driven. PHP connects to the database server, sends an SQL query through that connection, receives a result set, and loops through it to output HTML. This is how a product list, a search result or a user's orders appear on a page: the data lives in the database and PHP fetches it on each request.

Displaying database data

Connect and query

Open a connection with the credentials, then send a SELECT.

 $result =$ conn->query("SELECT name FROM Customer");

Loop and output

Walk the result set, writing each row into the page as HTML.

while ( $row =$ result->fetch_assoc()) {
  echo "<p>" . $row["name"] . "</p>";
}

Close the connection

Release the database connection when finished, so server resources are freed.

Try this

Q1. State which form method keeps the submitted data out of the URL. [1 mark]

Cue. POST (the data is sent in the request body, not the address bar).

Q2. State why a session is needed to keep a user logged in across pages. [1 mark]

Cue. HTTP is stateless, so a session stores the login on the server and links it to the user across separate requests.

Exam-style practice questions

Practice questions written in the style of SQA exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.

AH style: GET vs POST4 marksExplain the difference between the GET and POST methods for sending form data, and state which is more appropriate for a login form and why.

Show worked answer →

GET appends the form data to the URL as a query string, so it is visible in the address bar and can be bookmarked, and is limited in length (1 mark). POST sends the data in the body of the request, so it is not shown in the URL and has no practical length limit (1 mark). A login form should use POST (1 mark), because the password must not appear in the URL, browser history or server logs, which POST avoids by keeping the data out of the address bar (1 mark). Markers want the visibility distinction and POST justified for sensitive data.

AH style: PHP and a database3 marksDescribe the steps a PHP script takes to display data from a database table on a web page.

Show worked answer →

Connect to the database server, giving the host, database name and credentials (1 mark). Send an SQL SELECT query through the connection to retrieve the required rows (1 mark). Loop through the returned result set and output each row as HTML so it appears on the page, then close the connection (1 mark). Markers reward the connect, query, and process-and-output steps in a sensible order.

Related dot points

Sources & how we know this

SQA Advanced Higher Computing Science Course Specification — SQA (2025)
Website design and PHP in-built functions question paper workshop materials — SQA (2024)