Find out HTTP method in PHP
$_SERVER['REQUEST_METHOD']
See the docs. It will contain the request method upper-cased (i.e. 'GET', 'HEAD', 'POST', 'PUT').
Detecting request type in PHP (GET, POST, PUT or DELETE)
By using
$_SERVER['REQUEST_METHOD']
Example
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// The request is using the POST method
}
For more details please see the documentation for the $_SERVER variable.
How to detect HTTP method in CodeIgniter
Thanks to Branden, I've found the answer.$this->input->server($index)
is identical to $_SERVER[$index]
.
To get method you can use: $this->input->server('REQUEST_METHOD')
.
UPDATE: (thanks to Ecir Hana)
As of CodeIgniter 3, using of method is also possible:
echo $this->input->method(TRUE); // Outputs: POST
echo $this->input->method(FALSE); // Outputs: post
echo $this->input->method(); // Outputs: post
Check whether a request is GET or POST
Better use $_SERVER['REQUEST_METHOD']
:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// …
}
Confused on GET and POST Method
This is just down to PHP having poor names for $_GET
and $_POST
.
$_GET
will contain data from the query string of the requested URL. This is completely independent of the request method used.
PHP probably picked the name because an HTML form with method="GET"
will put the data in the query string, but that isn't the only way a query string can be created.
Is it safe to use switch to determine the HTTP method?
Why would you avoid using this function?
Many programmers would pick their reasons to avoid using "switch" statements, depending on the context.
For instance, a project might have many "switch" statements with duplicated code to do something that would be solved with polymorphism.
The "switch", in this case, is being used to map HTTP methods with callables (except the "default"): you could map http methods to callables that could be replaced in runtime. Python programmers who follow the "pythonic philosophy" use dictionaries to do the same thing that "switch" statements do, but with the ability to change the map in runtime.
Is there a vulnerability in using the switch statement itself, or is
it the $_SERVER variable that makes it vulnerable?
No, there aren't vulnerabilities in using "switch" by itself.
You should not thrust the values from $_SERVER because they're input from web clients (usually browsers). A simple "curl" script can send inaccurate or invalid data, such as the IP address, User-agent, the referer, etc. This is useful for web scraping (some websites are implemented to prevent naive scraping).
Check the "filter_input" function to filter values from global variables with input values ($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV).
An answer in this post (Is $_SERVER['QUERY_STRING'] safe from XSS?)
recommends the use of htmlentities to protect $_SERVER values. Is this
sufficient?
It depends on the context.
For instance, if you want to use it for javascript code, it would not be enough to protect from XSS. In this case, you'd need to to use a function to escape the strings for javascript ("json_encode" might be helpful in this case).
How do I find out the version of HTTP in a request using PHP and Apache
$_SERVER['SERVER_PROTOCOL']
as at $_SERVER
Docs:
'SERVER_PROTOCOL'
Name and revision of the information protocol via which the page was requested; i.e.'HTTP/1.0'
;
See as well:
- Find out HTTP method in PHP
Which HTTP method GET or POST i should use for creating PHP Restfull login API?
The following table compares the two HTTP methods: GET and POST.
Related Topics
How to Get User's Screen Resolution with PHP
PHP Dynamic Name for Object Property
Mysqli_Fetch_Array Returning Only One Result
Simplexml Get Element Content Based on Attribute Value
Commenting Interpreted Code and Performance
Using Windows Authentication with PHP
How to Use an Object Method as a Callback Function
How to Protect My Source Code When Deployed
Parse Error: Syntax Error, Unexpected '' (T_Encapsed_And_Whitespace)
Supplied Key Param Cannot Be Coerced into a Private Key with Google APIs
Mysql_Fetch_Array Returns Duplicate Data
Parse Math Operations with PHP
Nginx Issues Http 499 Error After 60 Seconds Despite Config. (PHP and Aws)