$_Post Vs. $_Server['Request_Method'] == 'Post'

$_POST vs. $_SERVER['REQUEST_METHOD'] == 'POST'

Well, they don't do the same thing, really.

$_SERVER['REQUEST_METHOD'] contains the request method (surprise).

$_POST contains any post data.

It's possible for a POST request to contain no POST data.

I check the request method — I actually never thought about testing the $_POST array. I check the required post fields, though. So an empty post request would give the user a lot of error messages - which makes sense to me.

!empty($_POST) vs. $_SERVER['REQUEST_METHOD'] == 'POST'

PHP's choice to name $_POST and $_GET as they did was terrible, and is mostly leading to confusion here. $_GET contains the request URL's query parameters, while $_POST contains the parsed request body data (if it's application/x-www-form-urlencoded).

Any URL, and thereby any request, can contain URL query parameters, so $_GET can be and is used with any sort of request, not just HTTP GET requests. HTTP POST and PUT requests (and arguably any other verb you make up) can contain a urlencoded request body, which would/could end up in $_POST (not sure off the top of my head whether PHP bothers parsing body data for anything but POST requests). A POST or PUT request also doesn't have to contain body data; if an empty POST request makes sense in your application, so be it.

So, $_POST, POST, $_GET, GET, request body data, query parameters etc. are all rather orthogonal to each other.

If you want to check the method of the HTTP request, check $_SERVER['REQUEST_METHOD']. If you want to know whether any urlencoded body data was sent, check whether there's data in $_POST. For that purpose, if ($_POST) is enough. An empty array evaluates as falsey. Oftentimes you can probably substitute one for the other, but that depends on what you're trying to check.

empty is used for suppressing error reporting on otherwise undefined variables. Other than that it behaves exactly as a normal truthy/falsey check.

What does this $_SERVER['REQUEST_METHOD'] === 'POST' do?

say your page is called yourpage.php -- What that code means is that the portion of code in the IF statement will ONLY be run if you are accessing yourPage.php page via Posting a form. So if you just load that page normally, by typing yourpage.php in the address bar. that code will not run.

But if you have some < form action='yourPage.php' >. When you submit that form, and you come to yourpage.php That code will run only in that instance. When the page has come via posting.

Its basically a way to ensure that certain code will only happen AFTER the posting of the form, think of a message like "Thanks for filling out our survey!" which pops up after you submit your form only, but still on the same page.

why should we use if( $_SERVER[ REQUEST_METHOD ] == POST )

$_SERVER['REQUEST_METHOD']

contains the request method. It is used to check request method.This variable also says if the request is a 'GET', 'HEAD', 'POST' or 'PUT' request.

isset($_POST['submit']) vs $_SERVER['REQUEST_METHOD']=='POST'

These mean two different things. The first, checks to see if when the form was submitted the parameter submit was passed. Many use this snippet to verify that a form has been sent. This works because the submit button is technically an <input> so it's value is sent along with any other elements that were part of the form.

<?php
    if(isset($_POST['submit'])) { // This way form and form logic can be adjacent to each other
        // Logic
    }
?>
<form method='POST' action='<?= $_SERVER['REQUEST_URI'] ?>'>
   <!--- other form stuff -->
   <input type="submit" name="submit" value="Send!" />
</form>

The second snippet tests if the form was submitted with the POST method. This doesn't necessarily mean that the form button was pushed. If it wasn't submitted with POST, then the superglobal $_POST would be empty.

Reason for checking if $_SERVER['REQUEST_METHOD'] == 'POST'?

If the user comes from the previous form then the request method is POST indeed. But anyone can make a request to your server, for example via CURL or a custom program. There is no stopping people making random request to your pages.

Therefore you cannot be sure that the request method on the server is indeed POST, and all data is present.

In another context it can be used to check if the form has actually been submitted. For example:

<?php if($_SERVER['REQUEST_METHOD'] == 'POST') { ?> <!-- The server has recieved something via POST! -->
    Thank you for submitting the form!
<?php } else { ?> <!-- No postdata, lets show the form! -->
    <form method='POST'> <!-- By setting the method we ask that the client does a post request. -->
        <input type='submit' />
    </form>
<?php } ?>

Related Topics

How to Login in With Curl and Ssl and Cookies

What Does "1" Mean At the End of a PHP Print_R Statement

Woocommerce: Which Hook to Replace Deprecated "Woocommerce_Add_Order_Item_Meta"

How to Change Public Folder to Public_Html in Laravel 5

How to Access a Property With an Invalid Name

Is There a Pdf Parser For PHP

How to Make a Simple Crawler in PHP

How to Replace Different Newline Styles in PHP the Smartest Way

How to Remove Non-Alphanumeric Characters

Codeigniter Displays a Blank Page Instead of Error Messages

Is There a Built-In Way to Get All of the Changed/Updated Fields in a Doctrine 2 Entity

PHP Fileinfo Is Undefined Function

Difference Between MySQL, MySQLi and Pdo

Pinging an Ip Address Using PHP and Echoing the Result

Pdo::Fetchall Vs. Pdo::Fetch in a Loop

How to Remove the Querystring and Get Only the Url

Remove Script Tag from HTML Content

How to Return Integer and Numeric Columns from MySQL as Integers and Numerics in PHP


Leave a reply



Submit