Form sends GET instead of POST

Question

I have searched the all questions with similar title, no solution for me yet.

I have a website running on apache2. I need to submit sensitive information through a form and I need to use POST method. Instead of POST, it sends GET request.

HTML:

<form action="/add_user.php" method='POST'>
   Enter Username: <input type="email" name="email" required="required" /> <br/>
   Enter password: <input type="password" name="password" required="required" /> <br/>
   <input type="submit" value="submit"/>
</form>

PHP:

<?php

$email=$_POST['email']; 
$password=$_POST['password'];
//do stuff
?>

I have opened Network monitor in Firefox, and the method is confirmed as GET. I have tried to even make it PUT instead of POST, still it sends GET. Also, $email and $password get the values if I change them to $_GET instead of $_POST.

Any help would be appreciated.

Just a general note, but you're mixing double and single quotes. Could cause unpredictable things like that to happen — Machavity, Jun 19 '16 at 14:01
It was both double quoted, and both single quoted, neither didn't work. Just at my last try I tried to mix them to see if it changes anything. — Mirakurun, Jun 19 '16 at 14:03
This is quite strange, could you upload your code on a server to let us try it in live ? — Ivan Gabriele, Jun 19 '16 at 14:16
@zakhefron I am submitting it just the way like it is presented in code. Plain HTML/PHP relation. — Mirakurun, Jun 19 '16 at 14:16
Maybe your problem is with input type submit. See this: http://stackoverflow.com/a/3543695/5885018 — statosdotcom, Jun 19 '16 at 14:22
Just check what happens when adding enctype="multipart/form-data" to the form. Also check by changing post to get — zakhefron, Jun 19 '16 at 14:30
@statosdotcom Thanks for the hint to check submit, never thought it could be problem in it. I googled submit button for POST method and got this: It finally works now. — Mirakurun, Jun 19 '16 at 14:35
I can't reproduce the problem — https://www.evernote.com/l/AAPXC994GgVNFKtPk7YDSTJH9Vfscf0SRpY — whatever it is, it isn't expressed by the code in the question. — Quentin, Jun 19 '16 at 15:50

statosdotcom · Accepted Answer · 2022-10-12T14:31:51.807

8

One way to solve this is to reinforce your intentions by expliciting formmethod="post", like this:

<button type="submit" formmethod="post" formaction="add_user.php">Submit</button>

EDIT: for those who are learning HTML and interested in help each other here in SO (thus not having time to cry), here you can find why is formmethod a truly and valid, prototyped and specified, overriding method: https://www.w3.org/TR/2014/REC-html5-20141028/forms.html#attr-fs-formmethod

edited Oct 12 '22 at 14:31

answered Jun 19 '16 at 17:19

statosdotcom

3,109
2
17
40

4

I don't know why this got all the upvotes. This is a force, not a solution. It's the equivalent of writing `Important!` at the end of a CSS rule. Better to solve the problem instead. – Adam Cook Aug 17 '20 at 00:34
1

What would be another anwser then? The following is not applicable in our case – StackHola Mar 31 '22 at 09:56

Anwar · Answer 2 · 2019-04-14T21:47:16.670

5

If like me you gone from Routed url (like in Laravel) to plain PHP, and wonder why the file /user/store/index.php responds that it receives a GET request using:

<form method="POST" action="/user/store">
  <input type="text" id="user_name" name="user_name" />
  <button type="submit">Create a new user</button>
</form>

Just check it again... Yes you forgot a trailing slash... so /user/store will receives only get, while /user/store/ will receive what you form requested.

Edit

I inspected what Laravel does, and it solves this particular issue with this addition in their .htaccess (check the original file).

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]

edited Apr 14 '19 at 21:47

answered Jan 26 '18 at 12:02

Anwar

4,162
4
41
62

I was going crazy. Thank you. Why do forms work this way?? – Apr 14 '19 at 06:13
1

Apparently, taking from another Stackoverflow answer, this is because the way the default php server (php - S) and Appache work: if you ask for `/user/store`, it tried to get the file with this name, but this is not a php file but a folder. Howether, you fix this issue by adding a trailing slash, which by default will try to find the `index.php` in the folder, so it works well and responds to your router. Apparently, we could be able to tweak the .htaccess file to tell Appache to always add a trailing slash, but 1. This might not be always wanted 2. I do not know how to do it with php - S... – Anwar Apr 14 '19 at 08:59
@M.I.Wright I just added something that might help you if you use Appache as a server. I think php built-in server will not react to this file however. – Anwar Apr 14 '19 at 21:47
Thank you! Unfortunately, though, that doesn't apply to me -- I was using Python/Flask when I experienced this issue. I'd defined the route without the trailing slash, too, so there was no redirect or anything, which made the GET-not-POST behavior really surprising to me – Apr 15 '19 at 22:03

Form sends GET instead of POST

2 Answers2

Linked