2

I've searched about a dozen answers on here relating to: 

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
}

Yet I still haven't found an answer to why.

Why is this done if we've already set the <form method="post">?

Doesn't that mean that it's the only form method here?

Martin Thoma
  • 124,992
  • 159
  • 614
  • 958
Lukasz C
  • 41
  • 4
  • That's how you can tell the form was submitted as a normal page request is made using GET – John Conde Jul 21 '14 at 12:57
  • What answers do you mean? Impossible to say if we don't know what answers. But what the code (obvioulsy) does, is check what the request method was. Why would you want to know that? Well, if you make some form of REST service, you'd react differently to a POST then to a GET request, same for PUT, DELETE, etc. – Nanne Jul 21 '14 at 13:01
  • 3
    Even if `
    `, who stops me from copy pasting the URL I saw in your form into my browser, which will perform a GET request to that resource? And if I do that, that means I did something you didn't allow for. That's why the snippet in question is used.
     – N.B. Jul 21 '14 at 13:03

2 Answers2

5

If the user comes from the previous form then the request method is POST indeed. But anyone can make a request to your server, for example via CURL or a custom program. There is no stopping people making random request to your pages.

Therefore you cannot be sure that the request method on the server is indeed POST, and all data is present.

In another context it can be used to check if the form has actually been submitted. For example:

<?php if($_SERVER['REQUEST_METHOD'] == 'POST') { ?> <!-- The server has recieved something via POST! -->
    Thank you for submitting the form!
<?php } else { ?> <!-- No postdata, lets show the form! -->
    <form method='POST'> <!-- By setting the method we ask that the client does a post request. -->
        <input type='submit' />
    </form>
<?php } ?>
TJHeuvel
  • 12,403
  • 4
  • 37
  • 46
0

There are two ways you can send forms from the client to the server: GET and POST. They are defined in RFC 2616 (HTTP), but the difference you can directly see is that GET gets displayed in the URL and POST doesn't.

Keep in mind that this is only for the browser on the client side to decide which way they send content to the server.

Regarding $_SERVER['REQUEST_METHOD']:

Which request method was used to access the page; i.e. 'GET', 'HEAD', 'POST', 'PUT'.

Note: PHP script is terminated after sending headers (it means after producing any output without output buffering) if the request method was HEAD.

One reason why you might want to use

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
}

might be to check if a form was submitted. But keep in mind: People can send POST requests without actually using your form! So you have to check the other data anyway.

Martin Thoma
  • 124,992
  • 159
  • 614
  • 958
  • Your answer isn't incorrect, but it's absolutely misleading. One can use verbs different to POST and GET. Also, you can **easily** see the information being posted, the difference is that you have to hit F12, go to network tab > check what the nice cool new browser tells you in regards to data being sent. The difference, in reality, is the purpose of action depending on the verb being used. That's something the developer codes in. – N.B. Jul 21 '14 at 13:05
  • Sure you can use different HTTP methods. But I don't think that this is important for him. As far as I know you can only tell the client to use GET or POST (at least I have never seen something different in HTML). – Martin Thoma Jul 21 '14 at 13:11
  • And if he really wants to know, I posted a link to the relevant specification. There he will find all HTTP methods. – Martin Thoma Jul 21 '14 at 13:13