密码出现在PHP post请求中是否正常，即使它是HTTPS页面？

In PHP, when making a login page, if your page is HTTPS, is it common for the username/password to appear in the request post information?

Shouldn't the password be encrypted? What am I missing?

Here is an example of what I'm talking about: this website is called souq.com where you can see in Firebug monitoring it's showing the username and password.

It is encrypted when sent over the internet. What you see here is what your browser sent to the server before it became encrypted.

Therefor what you see in Firebug has nothing to do with how it looks like when being sent through the web.

Firebug sees the data before and after encryption so yes, you will be able to see it. But it's only visible within the application , so don't worry, this data you are seeing is all in the DOM :)

If you have more concerns about this, install something like Wireshark and you'll see that the data being transferred is indeed encrypted.

use some network sniffer (e.g. wireshark). then you will really see what goes over the wire. firebug shows you values before they really leave your browser so it's not good to check any security issues.