-1

What I have learnt is: At a time, only HTTP POST or GET method is possible. I have the following piece of code named: index.php

<?php 
if($_SERVER['REQUEST_METHOD'] == "POST") {
    echo "Request Method is: ". $_SERVER['REQUEST_METHOD'] .'<br>';
    echo "Get variable is: " . $_GET['getname'] . '<br>';
    echo "Post variable is: " . $_POST['posttitle'];
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Testing Get or Post</title>
</head>
<body>
    <form action="" method="POST">
        <input type="text" name="posttitle" value="somepost"/>

        <button type="submit">Submit</button>
    </form>
</body>
</html>

I navigate the form via : http://localhost/testing/index.php?getname=someget. I submit the form, and the form data is sent via HTTP POST method.

Now my question is: In this scenario, the HTTP method is POST, and the GET variable $_GET['getname'] should have been unavailable. But, both POST and GET variables are available and printed.

Shilan Titaju
  • 3
  • 3
  • Can you explain your question a bit better? maybe you can also use a questionmark after your question – Ende May 16 '18 at 11:43
  • `$_GET` will return your data from url query string. So if you pass any data from query string you can retrieve it in `$_GET` at any time. That is not the issue – B. Desai May 16 '18 at 11:45
  • If you define a query/get variable in your URL, it's available. That's really all there is to it. – Loek May 16 '18 at 11:45
  • See https://stackoverflow.com/a/48585806/476 – deceze May 16 '18 at 11:50
  • You can actually check for a POST request with if($_POST) – maio290 May 16 '18 at 11:52
  • 1
    @maio290 — No, you can't. That tests if there is any POST data. It is possible to have a POST request with nothing in the request body. – Quentin May 16 '18 at 11:57
  • In his example he can do it and it's legit to do so - and yeah, you can send an empty post request, and yeah, you can construct any weird case for being right. But in his example this will simply work. – maio290 May 16 '18 at 12:02
  • 1
    @maio290 There's a difference between an absolute true statement and something that works in a specific case. – deceze May 16 '18 at 12:03
  • There is simply no use in sending an empty post request. Why should you send a post request when you don't sent any data with it? This doesn't follow any good practice of software design. The main problem is that I didn't add a "here". But discussing on SO is a pain in the arse anyway. – maio290 May 16 '18 at 12:06
  • If both GET and POST are available, $_SERVER['REQUEST_METHOD'] should have returned both GET and POST, right ? – Shilan Titaju May 16 '18 at 12:06
  • 1
    @maio290 In a RESTful API there are perfectly valid use cases for sending empty POST requests. The verb "POST" in itself has a meaning, typically of *creating a new resource*, and it's perfectly fine to tell a server to create a new resource without any additional arguments. – deceze May 16 '18 at 12:07
  • @ShilanTitaju — No. See the answer I gave you quarter of an hour ago. – Quentin May 16 '18 at 12:07

1 Answers1

2

This is just down to PHP having poor names for $_GET and $_POST.

$_GET will contain data from the query string of the requested URL. This is completely independent of the request method used.

PHP probably picked the name because an HTML form with method="GET" will put the data in the query string, but that isn't the only way a query string can be created.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • You usually don't receive GET and POST parameters at the same time. Therefore I wouldn't say that PHP has bad names for $_GET and $_POST. – maio290 May 16 '18 at 11:51
  • "You usually don't receive GET and POST parameters at the same time." – It is not all that uncommon for a request to include a query string and a body. – Quentin May 16 '18 at 11:52
  • @maio290 It's perfectly cromulent to `POST` to a URL containing query parameters. How "unusual" is that…? – deceze May 16 '18 at 11:53
  • Following for example REST standards, you never have any query parameters. And in basic PHP with HTML you don't have it either.. – maio290 May 16 '18 at 11:54
  • 1
    @maio290 — "And in basic PHP with HTML you don't have it either." — Rubbish. PHP makes it very easy to have that. I've worked with code that does that plenty of times. – Quentin May 16 '18 at 11:55
  • Mhm, I've never seen a
    ;)
     – maio290 May 16 '18 at 11:56
  • 2
    @maio290 — I refer you to my original answer. A request with a query string is not the same thing is a request using the GET method. `
    ` (More commonly it would be done by not having an action attribute and just preserving the query string from the page being viewed)
     – Quentin May 16 '18 at 11:57
  • But according to several posts here at SO, `method="post" action="save.php?parm=yes"` do not receive the parm – mplungjan May 16 '18 at 11:58
  • 1
    @mplungjan — Those will all be questions about forms which are `method="GET"`. We're talking about POST requests. – Quentin May 16 '18 at 11:59
  • @Quentin I mean these, there are MANY https://stackoverflow.com/questions/35665520/how-can-i-send-post-with-query-string-in-a-link?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa – mplungjan May 16 '18 at 12:35
  • 1
    @mplungjan — That's about a link that makes a GET request not populating `$_POST`, not a form that makes a POST request that is populating `$_GET`. It's about as opposite to the situation as I described as you can get. – Quentin May 16 '18 at 13:04