Page 1 of 1

GET or POST methods

Posted: Sat Oct 04, 2008 7:24 am
by alex.barylski
Does it really matter?

Why would one ever want to determine what HTTP method was used at the PHP level? I cannot think of anything other than maybe security reasons or maybe implementing postback or somethign similar?

Any ideas on why I might want to detect POST during a submittion?

Re: GET or POST methods

Posted: Sat Oct 04, 2008 7:59 am
by onion2k
Strictly speaking it doesn't make any difference from a security point of view - you can't trust data from either. The reason you should check though is because it can be a sign that someone is trying to use a script in a way that it was intended for ... for example, if your form submits by post and you start getting variables in $_GET with the form field names then obviously someone is tacking them on to the end of the action URL ... that's definitely a sign something untoward is going on. Maybe they're checking if you're using register_globals or $_REQUEST?

Re: GET or POST methods

Posted: Sat Oct 04, 2008 1:25 pm
by alex.barylski
That is actually what I'm thinking of doing...

Basically checking the method on each request against the known/accepted method and logging the type...if a user attempts X number of bunk attempts I will email the admin notifying them of something fishy.