Does it really matter?
Why would one ever want to determine what HTTP method was used at the PHP level? I cannot think of anything other than maybe security reasons or maybe implementing postback or somethign similar?
Any ideas on why I might want to detect POST during a submittion?
GET or POST methods
Moderator: General Moderators
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: GET or POST methods
Strictly speaking it doesn't make any difference from a security point of view - you can't trust data from either. The reason you should check though is because it can be a sign that someone is trying to use a script in a way that it was intended for ... for example, if your form submits by post and you start getting variables in $_GET with the form field names then obviously someone is tacking them on to the end of the action URL ... that's definitely a sign something untoward is going on. Maybe they're checking if you're using register_globals or $_REQUEST?
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: GET or POST methods
That is actually what I'm thinking of doing...
Basically checking the method on each request against the known/accepted method and logging the type...if a user attempts X number of bunk attempts I will email the admin notifying them of something fishy.
Basically checking the method on each request against the known/accepted method and logging the type...if a user attempts X number of bunk attempts I will email the admin notifying them of something fishy.