Reputation: 6439
$_POST vs. $_SERVER['REQUEST_METHOD'] == 'POST'
Some guy called one of my Snipplr submissions "crap" because I used if ($_SERVER['REQUEST_METHOD'] == 'POST') instead of if ($_POST)
Checking the request method seems more correct to me because that's what I really want to do. Is there some operational difference between the two or is this just a code clarity issue?
Upvotes: 141
Views: 281802
Answers (11)
Reputation: 86805
They are both correct. Personally I prefer your approach better for its verbosity but it's really down to personal preference.
Off hand, running if($_POST) would not throw an error - the $_POST array exists regardless if the request was sent with POST headers. An empty array is cast to false in a boolean check.
Upvotes: 4
Reputation: 73
As long as I may need to access my PHP scripts with more than one method, what I do actually is:
if (in_array($_SERVER['REQUEST_METHOD'],array("GET","POST","DELETE"))) {
// do wathever I do
}
Upvotes: 2
Reputation: 27
$this->method = $_SERVER['REQUEST_METHOD'];
if ($this->method == 'POST' && array_key_exists('HTTP_X_HTTP_METHOD', $_SERVER)) {
if ($_SERVER['HTTP_X_HTTP_METHOD'] == 'DELETE') {
$this->method = 'DELETE';
} else if ($_SERVER['HTTP_X_HTTP_METHOD'] == 'PUT') {
$this->method = 'PUT';
} else {
throw new Exception("Unexpected Header");
}
}
Upvotes: 1
Reputation: 9122
I used to check $_POST until I got into a trouble with larger POST data and uploaded files. There are configuration directives post_max_size and upload_max_filesize - if any of them is exceeded, $_POST array is not populated.
So the "safe way" is to check $_SERVER['REQUEST_METHOD']. You still have to use isset() on every $_POST variable though, and it does not matter, whether you check or don't check $_SERVER['REQUEST_METHOD'].
Upvotes: 23
Reputation: 2016
if ($_SERVER['REQUEST_METHOD'] == 'POST') is the correct way, you can send a post request without any post data.
Upvotes: 47
Reputation: 78518
Well, they don't do the same thing, really.
$_SERVER['REQUEST_METHOD'] contains the request method (surprise).
$_POST contains any post data.
It's possible for a POST request to contain no POST data.
I check the request method — I actually never thought about testing the $_POST array. I check the required post fields, though. So an empty post request would give the user a lot of error messages - which makes sense to me.
Upvotes: 180
Reputation: 1
It checks whether the page has been called through POST (as opposed to GET, HEAD, etc). When you type a URL in the menu bar, the page is called through GET. However, when you submit a form with method="post" the action page is called with POST.
Upvotes: -1
Reputation: 1712
If your application needs to react on request of type post, use this:
if(strtoupper($_SERVER['REQUEST_METHOD']) === 'POST') { // if form submitted with post method
// validate request,
// manage post request differently,
// log or don't log request,
// redirect to avoid resubmition on F5 etc
}
If your application needs to react on any data received through post request, use this:
if(!empty($_POST)) { // if received any post data
// process $_POST values,
// save data to DB,
// ...
}
if(!empty($_FILES)) { // if received any "post" files
// validate uploaded FILES
// move to uploaded dir
// ...
}
It is implementation specific, but you a going to use both, + $_FILES superglobal.
Upvotes: 15
Reputation: 41
You can submit a form by hitting the enter key (i.e. without clicking the submit button) in most browsers but this does not necessarily send submit as a variable - so it is possible to submit an empty form i.e. $_POST will be empty but the form will still have generated a http post request to the php page. In this case if ($_SERVER['REQUEST_METHOD'] == 'POST') is better.
Upvotes: 4
Reputation: 166066
It's really a 6 of one, a half-dozen of the other situation.
The only possible argument against your approach is $_SERVER['REQUEST_METHOD'] == 'POST' may not be populated on certain web-servers/configuration, whereas the $_POST array will always exist in PHP4/PHP5 (and if it doesn't exist, you have bigger problems (-:)
Upvotes: -3
Reputation: 57
They both work the same way, but $_POST should be used as it is cleaner. You can add isset() to it to check it exists.
Upvotes: -18
Related Questions
- PHP $_REQUEST $_GET or $_POST
- Should I use `php://input` and/or `$_POST`?
- Difference between $POST and $_POST in PHP
- isset($_POST['submit']) vs $_SERVER['REQUEST_METHOD']=='POST'
- Reason for checking if $_SERVER['REQUEST_METHOD'] == 'POST'?
- php $_SERVER POST methods the new and more efficient style?
- if ($_SERVER['REQUEST_METHOD'] === 'POST') doesn't seem to work
- PHP $_POST, $_GET, or $_REQUEST
- $_POST and $_SERVER['REQUEST_METHOD'] == 'POST'
- When posting info from a form, is it better to use $_REQUEST or $_POST?