This is another beginner PHP article this time focusing on how to detect the HTTP request method. If you are a more competent developer then you might want to jump onto another article. How about this one on how to get both GET and POST methods in one request.
Why the Interest in Detecting the HTTP Request Method
Back to the point of this guide. The most compelling answer to this is, it is all about security. We know there is more than one request method when web browsers respond to servers. You, the developer may want to restrict your processes to certain response types.
These are also important when building code such as REST APIs.
A simple example would be to receive passwords from an HTML form via the POST method only. To be able to handle this feature you need to know how to detect the correct HTTP request method.
The simple solution is to check the request method using:
$_SERVER['REQUEST_METHOD']A simple use case would look something like this:
if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
// Do something because the request method is POST
}
else {
// Abort whatever
}The above method does not bode well from a security standpoint. The input here has not been validated nor sanitized. One way to fix this is to use the built-in filter_input PHP function. The above code would look something like this now:
$request_method = filter_input(INPUT_SERVER, 'REQUEST_METHOD', FILTER_SANITIZE_ENCODED);
if ( $request_method === 'POST' ) {
// Do something because the request method is POST
}
else {
// Abort whatever
}If you want to test and handle different request methods differently, a more elegant way would be to use the PHP built-in switch statement. Here is a good example to start with. It also shows the supported HTTP request methods:
$request_method = $_SERVER['REQUEST_METHOD'];
switch ($request_method) {
case 'GET':
//Handle GET Request here
break;
case 'POST':
//Here Handle POST Request here
break;
case 'PUT':
// Handle PUT Request here
break;
case 'PATCH':
// Handle PATCH Request here
break;
case 'DELETE':
//Here Handle DELETE Request
echo 'You are using '.$method.' Method';
break;
case 'COPY':
// Handle COPY Request here
echo 'You are using '.$method.' Method';
break;
case 'OPTIONS':
// Handle OPTIONS Request
break;
case 'LINK':
// Handle LINK Request here
break;
case 'UNLINK':
// Handle UNLINK Request here
break;
case 'PURGE':
//Here Handle PURGE Request here
break;
case 'LOCK':
// Handle LOCK Request here
break;
case 'UNLOCK':
//Here Handle UNLOCK Request here
break;
case 'PROPFIND':
// Handle PROPFIND Request here
break;
case 'VIEW':
//Here Handle VIEW Request
break;
Default:
// Handle default behavior
break;
}That’s it. There is not much to this but with these simple tips, you are now on your way to handling better code in terms of readability and security. Furthermore, you are now past the first hurdle to building your very own REST API.
Found this article interesting? Follow Brightwhiz on Facebook, Twitter, and YouTube to read and watch more content we post.