POST vs. $

Some guy called one of my Snipplr submissions "crap" because I used if ($_SERVER['REQUEST_METHOD'] == 'POST') instead of if ($_POST)

Checking the request method seems more correct to me because that's what I really want to do. Is there some operational difference between the two or is this just a code clarity issue?

---

Well, they don't do the same thing, really.

$_SERVER['REQUEST_METHOD'] contains the request method (surprise).

$_POST contains any post data.

It's possible for a POST request to contain no POST data.

I check the request method — I actually never thought about testing the $_POST array. I check the required post fields, though. So an empty post request would give the user a lot of error messages - which makes sense to me.

---

if ($_SERVER['REQUEST_METHOD'] == 'POST')是正确的方式，您可以发送一个没有任何发布数据的发布请求。

---

I used to check $_POST until I got into a trouble with larger POST data and uploaded files. There are configuration directives post_max_size and upload_max_filesize - if any of them is exceeded, $_POST array is not populated.

So the "safe way" is to check $_SERVER['REQUEST_METHOD'] . You still have to use isset() on every $_POST variable though, and it does not matter, whether you check or don't check $_SERVER['REQUEST_METHOD'] .

链接地址: http://www.djcxy.com/p/42258.html

上一篇: SERVER变量是安全的吗？

下一篇: POST与$