检查$ _SERVER ['REQUEST_METHOD'] =='POST'的原因？

Question

I've searched about a dozen answers on here relating to:

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
}

Yet I still haven't found an answer to why .

Why is this done if we've already set the <form method="post"> ?

Doesn't that mean that it's the only form method here?

Answer 1

If the user comes from the previous form then the request method is POST indeed. But anyone can make a request to your server, for example via CURL or a custom program. There is no stopping people making random request to your pages.

Therefore you cannot be sure that the request method on the server is indeed POST, and all data is present.

In another context it can be used to check if the form has actually been submitted. For example:

<?php if($_SERVER['REQUEST_METHOD'] == 'POST') { ?> <!-- The server has recieved something via POST! -->
    Thank you for submitting the form!
<?php } else { ?> <!-- No postdata, lets show the form! -->
    <form method='POST'> <!-- By setting the method we ask that the client does a post request. -->
        <input type='submit' />
    </form>
<?php } ?>

Answer 2

There are two ways you can send forms from the client to the server: GET and POST . They are defined in RFC 2616 (HTTP) , but the difference you can directly see is that GET gets displayed in the URL and POST doesn't.

Keep in mind that this is only for the browser on the client side to decide which way they send content to the server.

Regarding $_SERVER['REQUEST_METHOD'] :

Which request method was used to access the page; ie 'GET', 'HEAD', 'POST', 'PUT'.

Note: PHP script is terminated after sending headers (it means after producing any output without output buffering) if the request method was HEAD.

One reason why you might want to use

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
} 

might be to check if a form was submitted. But keep in mind: People can send POST requests without actually using your form! So you have to check the other data anyway.