$_POST vs. $_SERVER['REQUEST_METHOD'] == 'POST'
Well, they don't do the same thing, really.
$_SERVER['REQUEST_METHOD']
contains the request method (surprise).
$_POST
contains any post data.
It's possible for a POST request to contain no POST data.
I check the request method — I actually never thought about testing the $_POST
array. I check the required post fields, though. So an empty post request would give the user a lot of error messages - which makes sense to me.
!empty($_POST) vs. $_SERVER['REQUEST_METHOD'] == 'POST'
PHP's choice to name $_POST
and $_GET
as they did was terrible, and is mostly leading to confusion here. $_GET
contains the request URL's query parameters, while $_POST
contains the parsed request body data (if it's application/x-www-form-urlencoded
).
Any URL, and thereby any request, can contain URL query parameters, so $_GET
can be and is used with any sort of request, not just HTTP GET
requests. HTTP POST
and PUT
requests (and arguably any other verb you make up) can contain a urlencoded
request body, which would/could end up in $_POST
(not sure off the top of my head whether PHP bothers parsing body data for anything but POST
requests). A POST
or PUT
request also doesn't have to contain body data; if an empty POST
request makes sense in your application, so be it.
So, $_POST
, POST
, $_GET
, GET
, request body data, query parameters etc. are all rather orthogonal to each other.
If you want to check the method of the HTTP request, check $_SERVER['REQUEST_METHOD']
. If you want to know whether any urlencoded body data was sent, check whether there's data in $_POST
. For that purpose, if ($_POST)
is enough. An empty array evaluates as falsey. Oftentimes you can probably substitute one for the other, but that depends on what you're trying to check.
empty
is used for suppressing error reporting on otherwise undefined variables. Other than that it behaves exactly as a normal truthy/falsey check.
What does this $_SERVER['REQUEST_METHOD'] === 'POST' do?
say your page is called yourpage.php -- What that code means is that the portion of code in the IF statement will ONLY be run if you are accessing yourPage.php page via Posting a form. So if you just load that page normally, by typing yourpage.php in the address bar. that code will not run.
But if you have some < form action='yourPage.php' >. When you submit that form, and you come to yourpage.php That code will run only in that instance. When the page has come via posting.
Its basically a way to ensure that certain code will only happen AFTER the posting of the form, think of a message like "Thanks for filling out our survey!" which pops up after you submit your form only, but still on the same page.
why should we use if( $_SERVER[ REQUEST_METHOD ] == POST )
$_SERVER['REQUEST_METHOD']
contains the request method. It is used to check request method.This variable also says if the request is a 'GET
', 'HEAD
', 'POST
' or 'PUT
' request.
isset($_POST['submit']) vs $_SERVER['REQUEST_METHOD']=='POST'
These mean two different things. The first, checks to see if when the form was submitted the parameter submit
was passed. Many use this snippet to verify that a form has been sent. This works because the submit button is technically an <input>
so it's value is sent along with any other elements that were part of the form.
<?php
if(isset($_POST['submit'])) { // This way form and form logic can be adjacent to each other
// Logic
}
?>
<form method='POST' action='<?= $_SERVER['REQUEST_URI'] ?>'>
<!--- other form stuff -->
<input type="submit" name="submit" value="Send!" />
</form>
The second snippet tests if the form was submitted with the POST method. This doesn't necessarily mean that the form button was pushed. If it wasn't submitted with POST, then the superglobal $_POST
would be empty.
Reason for checking if $_SERVER['REQUEST_METHOD'] == 'POST'?
If the user comes from the previous form then the request method is POST indeed. But anyone can make a request to your server, for example via CURL or a custom program. There is no stopping people making random request to your pages.
Therefore you cannot be sure that the request method on the server is indeed POST, and all data is present.
In another context it can be used to check if the form has actually been submitted. For example:
<?php if($_SERVER['REQUEST_METHOD'] == 'POST') { ?> <!-- The server has recieved something via POST! -->
Thank you for submitting the form!
<?php } else { ?> <!-- No postdata, lets show the form! -->
<form method='POST'> <!-- By setting the method we ask that the client does a post request. -->
<input type='submit' />
</form>
<?php } ?>
Related Topics
How to Login in With Curl and Ssl and Cookies
What Does "1" Mean At the End of a PHP Print_R Statement
Woocommerce: Which Hook to Replace Deprecated "Woocommerce_Add_Order_Item_Meta"
How to Change Public Folder to Public_Html in Laravel 5
How to Access a Property With an Invalid Name
How to Make a Simple Crawler in PHP
How to Replace Different Newline Styles in PHP the Smartest Way
How to Remove Non-Alphanumeric Characters
Codeigniter Displays a Blank Page Instead of Error Messages
Is There a Built-In Way to Get All of the Changed/Updated Fields in a Doctrine 2 Entity
PHP Fileinfo Is Undefined Function
Difference Between MySQL, MySQLi and Pdo
Pinging an Ip Address Using PHP and Echoing the Result
Pdo::Fetchall Vs. Pdo::Fetch in a Loop
How to Remove the Querystring and Get Only the Url
Remove Script Tag from HTML Content
How to Return Integer and Numeric Columns from MySQL as Integers and Numerics in PHP