I have come across scripts that use:
isset($_POST['submit'])
as well as code that uses:
$_SERVER['REQUEST_METHOD']=='POST'
I was wondering the difference between these two and which method is best.
19
votes
4 Answers
4
votes
These mean two different things. The first, checks to see if when the form was submitted the parameter submit was passed. Many use this snippet to verify that a form has been sent. This works because the submit button is technically an <input> so it's value is sent along with any other elements that were part of the form.
<?php
if(isset($_POST['submit'])) { // This way form and form logic can be adjacent to each other
// Logic
}
?>
<form method='POST' action='<?= $_SERVER['REQUEST_URI'] ?>'>
<!--- other form stuff -->
<input type="submit" name="submit" value="Send!" />
</form>
The second snippet tests if the form was submitted with the POST method. This doesn't necessarily mean that the form button was pushed. If it wasn't submitted with POST, then the superglobal $_POST would be empty.
10
votes
isset($_POST['submit'])
If you already know that a particular value will always be sent and therefore is indicative of an expected form submission (the submit field in this case) this code will tell you two things:
- The form is submitted via the
POSTmethod, as opposed toGET,PUT, etc. - The
submitfield has been passed.
$_SERVER['REQUEST_METHOD'] == 'POST'
This tells you exactly one thing, a form was submitted via the POST method. Reasons to use it include:
- You want to distinguish between an invalid form submission (e.g. not all fields were transmitted) and other kinds of page retrieval (
GET,PUT, etc.) - You don't know exactly what you're going to receive. Perhaps this code is run in a controller which doesn't know all details of its dependent parts.
The former is
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!isset($_POST['name'])) {
// at this point you know that `name` was not passed as part of the request
// this could be treated as an error
}
}
Versus:
if (!isset($_POST['name'])) {
// the `name` field was not passed as part of the request
// but it might also be a GET request, in which case a page should be shown
}
Important
Checking for a submit button field in the request is not reliable as a form can be submitted in other ways (such as pressing Enter in a text box).
$_POST
By just using this expression you can assert that:
- The form is submitted via
POST - At least one field has been submitted
4
votes
They do different things.
The first checks whether a key (submit) in the $_POST array is set.
The second checks whether the value of a key in the $_SERVER array is 'POST'. I guess one would use this to tell whether data has been sent using the "get" or "post" method, but usually you don't care only what method was used, but rather, what data was sent.
What are you trying to do?
0
votes
The first statement checks whether the request method was Post and whether the request included a value for element submit. The second method only checks whether the request method was Post.
To check whether a form was posted, the second one is better in the sense it is slightly clearer, doing one thing and one thing only. However I wouldn't worry too much about which one to use.
$_POST['submit'], wheresubmitis the name of atype=submit name=submitbutton, is one of the most common(and lame) habits that runs rampant amongst php coders. Your code utterly fails when a user submits the form via the enter key in a sizable chunk of the common web browser base. Don't do it, it's very amateur. – goat