tags:

views:

3550

answers:

8

Some guy called one of my Snipplr submissions "crap" because I used if ($_SERVER['REQUEST_METHOD'] == 'POST') instead of if ($_POST)

Checking the request method seems more correct to me because that's what I really want to do. Is there some operational difference between the two or is this just a code clarity issue?

A: 

Personally I do it the way you have specified

if ($_SERVER['REQUEST_METHOD'] == 'POST')

because surely if you do

if ($_POST)

you would have to check that it is declared first or handle the potential undefined error in some other way.

Mark Davidson
A: 

They both work the same way, but $_POST should be used as it is cleaner. You can add isset() to it to check it exists.

Alex UK
+6  A: 

They are both correct. Personally I prefer your approach better for its verbosity but it's really down to personal preference.

Off hand, running if($_POST) would not throw an error - the $_POST array exists regardless if the request was sent with POST headers. An empty array is cast to false in a boolean check.

Eran Galperin
+17  A: 

well -- they don't do the same thing, really.

$_SERVER['REQUEST_METHOD']

contains the request method (surprise).

$_POST

contains any post data.
It's possible for a POST request to contain no POST data.

Me, I check the request method -- I actually never thought about testing the $_POST array. I check the required post fields, though. So an empty post request would give the user a lot of error messages. Which makes sense to me.

gnud
Theoretically, it could be possible, that the request method is 'post' (lower- or even mixed case). Does PHP automatically sanitize this on GET and POST?
Boldewyn
After a short test, my PHP 5.2 on WinXP obviously doesn't do it, so probably the request_method should be sanitized to uppercase only.
Boldewyn
+2  A: 

if ($_SERVER['REQUEST_METHOD'] == 'POST') is the correct way, you can send a post request without any post data.

stuartloxton
A: 

It's really a 6 of one, a half-dozen of the other situation.

The only possible argument against your approach is $_SERVER['REQUEST_METHOD'] == 'POST' may not be populated on certain web-servers/configuration, whereas the $_POST array will always exist in PHP4/PHP5 (and if it doesn't exist, you have bigger problems (-:)

Alan Storm
+1  A: 

I know that this is an old question, but here's a "fresh" (and somewhat different than others) answer ;)

I used to check $_POST until I got into a trouble with larger POST data and uploaded files. There are configuration directives post_max_size and upload_max_filesize - if any of them is exceeded, $_POST array is not popullated. So the "safe way" is to check $_SERVER['REQUEST_METHOD']. You still have to use isset() on every $_POST variable though, and it does not matter, whether you check or don't check $_SERVER['REQUEST_METHOD'].

binaryLV
A: 

You can submit a form by hitting the enter key (i.e. without clicking the submit button) in most browsers but this does not necessarily send submit as a variable - so it is possible to submit an empty form i.e. $_POST will be empty but the form will still have generated a http post request to the php page. In this case if ($_SERVER['REQUEST_METHOD'] == 'POST') is better.

Eamon