How can I detect which request type was used (GET, POST, PUT or DELETE) in PHP?
Detecting request type in PHP (GET, POST, PUT or DELETE)
By using
$_SERVER['REQUEST_METHOD']
Example
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// The request is using the POST method
}
For more details please see the documentation for the $_SERVER variable.
What happens if you POST to mypage.php?var=something ? –
Seedy
The method will be POST, but if you have to use $_GET to get those variables Im not sure. –
Diuretic
In the case nickf mentions, you could also (maybe) use the $_REQUEST variable. $_REQUEST contains post, get, and cookie values. Read the documentation at php.net/manual/en/reserved.variables.request.php –
Jadajadd
@Seedy - the variable 'var' from your example will be in
$_POST['var'] –
Bullbat If you just want to check if a form is posted, you can do simply
if (!empty($_POST)) {.... Beware of $_REQUEST though! Careless usage of it adds a lot to CSRF kind of vulnerabilities. –
Petitionary @Paul Dixon print_r( $_SERVER ) is better for doing that :D –
Raid
@NathanLong In my experience that is incorrect. If you POST to mypage.php?var=something then 'something' will be in
$_GET['var']. –
Pascia $_POST and $_GET are somewhat unfortunately named. $_GET contain variables from the URL's query component, regardless of the HTTP method. $_POST will contain form fields if the request was sent as application/x-www-form-urlencoded. –
Catherincatherina $_SERVER['REQUEST_METHOD'] what. what do we do with this? –
Pyroxylin
@MujahedAKAS you can check what method is used. It's a variable that contains the method used, i.e. 'GET', 'HEAD', 'POST', 'PUT'. So you can do a
if ($_SERVER['REQUEST_METHOD'] == 'POST'){ echo "POST received"}. –
Firstfoot @Jadajadd does we need
===, what will happen if I used == ? –
Absentminded @Kasun You do not specifically need
===, no. But there is no advantage in using ==, and it is good practice to get accustomed to using the === absolutely everywhere. –
Banter REST in PHP can be done pretty simple. Create http://example.com/test.php (outlined below). Use this for REST calls, e.g. http://example.com/test.php/testing/123/hello. This works with Apache and Lighttpd out of the box, and no rewrite rules are needed.
<?php
$method = $_SERVER['REQUEST_METHOD'];
$request = explode("/", substr(@$_SERVER['PATH_INFO'], 1));
switch ($method) {
case 'PUT':
do_something_with_put($request);
break;
case 'POST':
do_something_with_post($request);
break;
case 'GET':
do_something_with_get($request);
break;
default:
handle_error($request);
break;
}
If you want to have your API available, without quoting what interpreting engine you're using, add a .htaccess file containing RewriteEngine on RewriteRule ^api/(.*)$ api.php/$1 This assumes your API file is called api.php. Also, since the above code block was written, the PHP developers have depreciated the split function. it works fine if you replace split with explode. –
Alibi
What's with the
@ in front of $_SERVER['PATH_INFO']? –
Riotous @Svish, what a great detail you noticed! It gets rid of
PHP Notice: Undefined index: PATH_INFO in case PATH_INFO is not in $_SERVER. I'm adding this to my bag of tricks right away! It's a way of saying "I know there might not be an entry named that way in this array, and I'm ready for that, so just shut up and do what I tell you to". :) Thanks guys, both for posting this answer and for bringing my attention to that particular character in it. –
Herniotomy I usually use a !empty instead of @. Better practice? –
Deniable
As a more concise way using variable methods:
<?php $request = explode("/", substr(@$_SERVER['PATH_INFO'], 1)); $rest = 'rest_'.strtolower($_SERVER['REQUEST_METHOD']); if (function_exists($rest)) call_user_func($rest, $request); ?> –
Bamberger @Riotous The @ is an error suppressor, and (from my translation) it means "Don't tell me when something is wrong Mr PHP, because I know better, and have thought of every possible eventuality and know nothing will be wrong which I will ever need to know about" (no offence neu242 :D) Write good code that won't have any PHP notices because of good code! –
Newsboy
It is sunday morning and maybe I'm a bit dumb today, bur I cant get what is the use of $_SERVER['PATH_INFO'] when this variable is not set by Apache. I tried it and it returned empty! –
Nettie
A comment in the PHP docs says: "Find the path-info, which is data after the .php filename in the URL call. It's a strange concept. Some environments may not support it, it is best avoided unless you have complete server control" regarding
$_SERVER['PATH_INFO']. Is $_SERVER['REQUEST_URI'] preferred? Also, I think routers are typically organized by path/route first, then by method within the path, keeping resources together. Handling all GET requests to a handler which then switches on the path breaks resources up. –
Unknowable Detecting the HTTP method or so called REQUEST METHOD can be done using the following code snippet.
$method = $_SERVER['REQUEST_METHOD'];
if ($method == 'POST'){
// Method is POST
} elseif ($method == 'GET'){
// Method is GET
} elseif ($method == 'PUT'){
// Method is PUT
} elseif ($method == 'DELETE'){
// Method is DELETE
} else {
// Method unknown
}
You could also do it using a switch if you prefer this over the if-else statement.
If a method other than GET or POST is required in an HTML form, this is often solved using a hidden field in the form.
<!-- DELETE method -->
<form action='' method='POST'>
<input type="hidden" name'_METHOD' value="DELETE">
</form>
<!-- PUT method -->
<form action='' method='POST'>
<input type="hidden" name'_METHOD' value="PUT">
</form>
For more information regarding HTTP methods I would like to refer to the following StackOverflow question:
We can also use the input_filter to detect the request method while also providing security through input sanitation.
$request = filter_input(INPUT_SERVER, 'REQUEST_METHOD', FILTER_SANITIZE_ENCODED);
You can use getenv function and don't have to work with a $_SERVER variable:
getenv('REQUEST_METHOD');
More info:
This is the only method that worked for me. $_SERVER["REQUEST_METHOD"] variable only detected POST and GET methods, for the rest it returned false. –
Workmanlike
Since this is about REST, just getting the request method from the server is not enough. You also need to receive RESTful route parameters. The reason for separating RESTful parameters and GET/POST/PUT parameters is that a resource needs to have its own unique URL for identification.
Here's one way of implementing RESTful routes in PHP using Slim:
https://github.com/codeguy/Slim
$app = new \Slim\Slim();
$app->get('/hello/:name', function ($name) {
echo "Hello, $name";
});
$app->run();
And configure the server accordingly.
Here's another example using AltoRouter:
https://github.com/dannyvankooten/AltoRouter
$router = new AltoRouter();
$router->setBasePath('/AltoRouter'); // (optional) the subdir AltoRouter lives in
// mapping routes
$router->map('GET|POST','/', 'home#index', 'home');
$router->map('GET','/users', array('c' => 'UserController', 'a' => 'ListAction'));
$router->map('GET','/users/[i:id]', 'users#show', 'users_show');
$router->map('POST','/users/[i:id]/[delete|update:action]', 'usersController#doAction', 'users_do');
Not what the OP asked for. And also, the OP didn't mention REST anywhere. –
Toast
@BrunoFerreira would you like me to delete the answer because OP didn't specifically use the term REST? –
Eno
It is very simple. Just use $_SERVER['REQUEST_METHOD'];.
Example:
<?php
$method = $_SERVER['REQUEST_METHOD'];
switch ($method) {
case 'GET':
//Here Handle GET Request
break;
case 'POST':
//Here Handle POST Request
break;
case 'DELETE':
//Here Handle DELETE Request
break;
case 'PUT':
//Here Handle PUT Request
break;
}
?>
The "DELETE" case will never be hit because that's not a possible REQUEST_METHOD. The valid REQUEST_METHODs are 'GET', 'HEAD', 'POST', 'PUT'. Read the documentation (pointed to in numerous answers on this very page) before posting an answer. –
Gilbertogilbertson
@Patrick, actually, the "DELETE" case will get a hit when the request method is DELETE; nonetheless the documentation in PHP does not mention it. Indeed, any method gets reflected in
$_SERVER['REQUEST_METHOD'], even customized ones. Remember that the method is just a string in the request header and that it is our task to check for its correctness. –
Stoneware @Gilbertogilbertson DELETE is defined in RFC7231 and is supported in all major browsers. tools.ietf.org/html/rfc7231#section-4.3.5 and $_SERVER["REQUEST_METHOD"] is just a string. –
Gond
@IvanDePazCenteno Exactly. Never trust user input. Never trust user input. –
Gond
In core php you can do like this :
<?php
$method = $_SERVER['REQUEST_METHOD'];
switch ($method) {
case 'GET':
//Here Handle GET Request
echo 'You are using '.$method.' Method';
break;
case 'POST':
//Here Handle POST Request
echo 'You are using '.$method.' Method';
break;
case 'PUT':
//Here Handle PUT Request
echo 'You are using '.$method.' Method';
break;
case 'PATCH':
//Here Handle PATCH Request
echo 'You are using '.$method.' Method';
break;
case 'DELETE':
//Here Handle DELETE Request
echo 'You are using '.$method.' Method';
break;
case 'COPY':
//Here Handle COPY Request
echo 'You are using '.$method.' Method';
break;
case 'OPTIONS':
//Here Handle OPTIONS Request
echo 'You are using '.$method.' Method';
break;
case 'LINK':
//Here Handle LINK Request
echo 'You are using '.$method.' Method';
break;
case 'UNLINK':
//Here Handle UNLINK Request
echo 'You are using '.$method.' Method';
break;
case 'PURGE':
//Here Handle PURGE Request
echo 'You are using '.$method.' Method';
break;
case 'LOCK':
//Here Handle LOCK Request
echo 'You are using '.$method.' Method';
break;
case 'UNLOCK':
//Here Handle UNLOCK Request
echo 'You are using '.$method.' Method';
break;
case 'PROPFIND':
//Here Handle PROPFIND Request
echo 'You are using '.$method.' Method';
break;
case 'VIEW':
//Here Handle VIEW Request
echo 'You are using '.$method.' Method';
break;
Default:
echo 'You are using '.$method.' Method';
break;
}
?>
$request = new \Zend\Http\PhpEnvironment\Request();
$httpMethod = $request->getMethod();
In this way you can also achieve in zend framework 2 also.
You can make in controller $request = $this->getRequest(). And then, $request->isPost(). Check out also $request->getMethod(). –
Medullary
TL;DR
The "native source of true" is the $_SERVER global variable. The request Method
is saved under the key "REQUEST_METHOD".
Check the $_SERVER array
$_SERVER['REQUEST_METHOD']
PHP Methods
But you can use a lot of workarounds to get the Method. Like filter_input:
filter_input(INPUT_SERVER, 'REQUEST_METHOD', FILTER_SANITIZE_ENCODED);
Libs Or you use external libs like:
Symfony\Component\HttpFoundation\Request\Zend\Http\PhpEnvironment\Request
Conclusion
But the easiest way would be to use: $_SERVER['REQUEST_METHOD'].
It is valuable to additionally note, that PHP will populate all the $_GET parameters even when you send a proper request of other type.
Methods in above replies are completely correct, however if you want to additionaly check for GET parameters while handling POST, DELETE, PUT, etc. request, you need to check the size of $_GET array.
When a method was requested, it will have an array. So simply check with count().
$m=['GET'=>$_GET,'POST'=>$_POST];
foreach($m as$k=>$v){
echo count($v)?
$k.' was requested.':null;
}
I used this code. It should work.
function get_request_method() {
$request_method = strtolower($_SERVER['REQUEST_METHOD']);
if($request_method != 'get' && $request_method != 'post') {
return $request_method;
}
if($request_method == 'post' && isset($_POST['_method'])) {
return strtolower($_POST['_method']);
}
return $request_method;
}
This above code will work with REST calls and will also work with html form
<form method="post">
<input name="_method" type="hidden" value="delete" />
<input type="submit" value="Submit">
</form>
You can get any query string data i.e www.example.com?id=2&name=r
You must get data using $_GET['id'] or $_REQUEST['id'].
Post data means like form <form action='' method='POST'> you must use $_POST or $_REQUEST.
© 2022 - 2024 — McMap. All rights reserved.
PATCH? – Conure$_SERVER['REQUEST_METHOD'] === 'PATCH'– Grundyism