If you want to check that a *form* was submiited, you need to at minimum check that one of the form elements exist in the post data, assuming the method is post. The submit button is a good one to use. Just checking that there *is* POST data isn't a great idea. Anyone can post anything. Checking for a key named 'submit' in the POST array is no more difficult than any other method. That being said anyone could POST a key value pair with the key being 'submit'. So validate everything!
On Fri, Aug 28, 2009 at 7:29 PM, Martin Scotta <martinsco...@gmail.com>wrote: > On Fri, Aug 28, 2009 at 1:59 PM, Ben Dunlap <bdun...@agentintellect.com > >wrote: > > > > Well, as far as I'm aware $_SERVER isn't reliable from server to > server. > > > That said, I've never had a problem using it. > > > > Thanks -- I just looked it up and the manual says: "There is no > > guarantee that every web server will provide any of these; servers may > > omit some, or provide others not listed here. That said, a large > > number of these variables are accounted for in the » CGI 1.1 > > specification, so you should be able to expect those." > > > > So I guess it wouldn't make sense to rely on anything in $_SERVER if > > you're building an app for widespread use; e.g., CodeIgniter, as > > mentioned above. > > > > > tend to use the $_REQUEST array instead of $_POST or $_GET. You get the > > > benefit of being able to work with both arrays (as well as $_SESSION > and > > > $_COOKIE) without any drawbacks. > > > > For now I'm inclined against $_REQUEST, since it's not yet supported > > by filter_input(). I think filter_input() is the bee's knees and I've > > stopped touching $_POST or $_GET directly since I discovered it. > > > > Ben > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > When the request is PUT your $_SERVER['REQUEST_METHOD'] detection will > fail, > but the $_POST will be populated. > > I think the best way is by count( $_POST ) > 0 but this only applies for > application/x-www-form-urlencoded forms. > Other content-type will not populate the $_POST and therefore need to be > validated by other method. > > PHP provides non-yet-standard HttpRequest class that can handle this > perfectly > > > -- > Martin Scotta >