PHP php input vs POST

Question

I have been directed to use the method php   input instead of   POST when interacting with Ajax requests from JQuery  What I do not understand is the benefits of using this vs the global method of   POST or   GET

User · Accepted Answer

The reason is that php   input returns all the raw data after the HTTP-headers of the request  regardless of the content type   The PHP superglobal   POST  only is supposed to wrap data that is either    application x-www-form-urlencoded  standard content type for simple form-posts  or multipart form-data  mostly used for file uploads    This is because these are the only content types that must be supported by user agents  So the server and PHP traditionally don t expect to receive any other content type  which doesn t mean they couldn t    So  if you simply POST a good old HTML form  the request looks something like this   POST  page php HTTP 1 1  key1 value1 amp key2 value2 amp key3 value3   But if you are working with Ajax a lot  this probaby also includes exchanging more complex data with types  string  int  bool  and structures  arrays  objects   so in most cases JSON is the best choice  But a request with a JSON-payload would look something like this   POST  page php HTTP 1 1    key1   value1   key2   value2   key3   value3     The content would now be application json  or at least none of the above mentioned   so PHP s   POST-wrapper doesn t know how to handle that  yet     The data is still there  you just can t access it through the wrapper  So you need to fetch it yourself in raw format with file get contents  php   input    as long as it s not multipart form-data-encoded     This is also how you would access XML-data or any other non-standard content type

User · Answer

So I wrote a function that would get the POST data from the php   input stream    So the challenge here was switching to PUT  DELETE OR PATCH request method  and still obtain the post data that was sent with that request    I m sharing this maybe for someone with a similar challenge  The function below is what I came up with and it works  I hope it helps                   method Post getPostData         return array                Convert Content-Disposition to a post data             function getPostData     array                   var string  input          input   file get contents  php   input                continue if   POST is empty         if  strlen  input   gt  0  amp  amp  count   POST     0    count   POST   gt  0                  postsize    ---  sha1 strlen  input    ---                preg match all     -  2       s     n  s  0       input   match                   update input             if  count  match   gt  0   input   preg replace     -  2       s     n  s  0           input                   extract the content-disposition             preg match all    Content-Disposition  form-data  name        m    input   matches                   let s get the keys             if  count  matches   gt  0  amp  amp  count  matches 0    gt  0                                 keys    matches 2                    foreach   keys as  index   gt   key                         key   trim  key                        key   preg replace              key                        key   preg replace              key                        key   preg replace     s        key                        keys  index     key                  endforeach                    input   preg replace    Content-Disposition  form-data  name        m    postsize   input                     input   preg replace    Content-Length        n    im        input                       now let s get key value                  inputArr   explode  postsize   input                        var array  values                  values                        foreach   inputArr as  index   gt   val                         val   preg replace     n        val                        if  preg match     S      val    values  index    trim  val                    endforeach                      now combine the key to the values                  post                            var array  value                  value                           update value                 foreach   values as  i   gt   val   value      val                      push to post                 foreach   keys as  x   gt   key   post  key    isset  value  x      value  x                         if  is array  post                           newPost                            foreach   post as  key   gt   val                             if  preg match            key                                   k   substr  key  0  strpos  key                                      child   substr  key  strpos  key                                      child   preg replace                  child                                newPost  k   child     val                           else                                newPost  key     val                           endif                       endforeach                         POST   count  newPost   gt  0    newPost    post                   endif                         endif              return post array         return   POST

User · Answer

First  a basic truth about PHP  PHP was not designed to explicitly give you a pure REST  GET  POST  PUT  PATCH  DELETE  like interface for handling HTTP requests  However  the   SERVER    COOKIE    POST    GET  and   FILES superglobals  and the function filter input array   are very useful for the average person s   layman s needs  The number one hidden advantage of   POST  and   GET  is that your input data is url-decoded automatically by PHP  You never even think about having to do it  especially for query string parameters within a standard GET request  or HTTP body data submitted with a POST request  Other HTTP Request Methods Those studying the underlying HTTP protocol and its various request methods come to understand that there are many HTTP request methods  including the often referenced PUT  PATCH  not used in Google s Apigee   and DELETE  In PHP  there are no superglobals or input filter functions for getting HTTP request body data when POST is not used  What are disciples of Roy Fielding to do   -  However  then you learn more     That being said  as you advance in your PHP programming knowledge and want to use JavaScript s XmlHttpRequest object  jQuery for some   you come to see the limitation of this scheme    POST limits you to the use of two media types in the HTTP Content-Type header   application x-www-form-urlencoded  and multipart form-data  Thus  if you want to send data values to PHP on the server  and have it show up in the   POST superglobal  then you must urlencode it on the client-side and send said data as key value pairs--an inconvenient step for novices  especially when trying to figure out if different parts of the URL require different forms of urlencoding  normal  raw  etc     For all you jQuery users  the   ajax   method is converting your JSON to URL encoded key value pairs before transmitting them to the server  You can override this behavior by setting processData  false  Just read the   ajax   documentation  and don t forget to send the correct media type in the Content-Type header  php   input  but     Even if you use php   input instead of   POST for your HTTP POST request body data  it will not work with an HTTP Content-Type of multipart form-data This is the content type that you use on an HTML form when you want to allow file uploads   lt form enctype  quot multipart form-data quot  accept-charset  quot utf-8 quot  action  quot post quot  gt       lt input type  quot file quot  name  quot resume quot  gt   lt  form gt   Therefore  in traditional PHP  to deal with a diversity of content types from an HTTP POST request  you will learn to use   POST or filter input array POST     FILES  and php   input  There is no way to just use one  universal input source for HTTP POST requests in PHP  You cannot get files through   POST  filter input array POST   or php   input  and you cannot get JSON XML YAML in either filter input array POST  or   POST  PHP Manual  php   input  php   input is a read-only stream that allows you to read raw data from the request body   php   input is not available with enctype  quot multipart form-data quot    PHP Frameworks to the rescue  PHP frameworks like Codeigniter 4 and Laravel use a facade to provide a cleaner interface  IncomingRequest or Request objects  to the above  This is why professional PHP developers use frameworks instead of raw PHP  Of course  if you like to program  you can devise your own facade object to provide what frameworks do  It is because I have taken time to investigate this issue that I am able to write this answer  URL encoding  What the heck       Typically  if you are doing a normal  synchronous  when the entire page redraws  HTTP requests with an HTML form  the user-agent  web browser  will urlencode your form data for you  If you want to do an asynchronous HTTP requests using the XmlHttpRequest object  then you must fashion a urlencoded string and send it  if you want that data to show up in the   POST superglobal  How in touch are you with JavaScript   -  Converting from a JavaScript array or object to a urlencoded string bothers many developers  even with new APIs like Form Data   They would much rather just be able to send JSON  and it would be more efficient for the client code to do so  Remember  wink  wink   the average web developer does not learn to use the XmlHttpRequest object directly  global functions  string functions  array functions  and regular expressions like you and I  -   Urlencoding for them is a nightmare   -  PHP  what gives  PHP s lack of intuitive XML and JSON handling turns many people off  You would think it would be part of PHP by now  sigh   So many media types  MIME types in the past  XML  JSON  and YAML all have media types that can be put into an HTTP Content-Type header   application xml applicaiton json application yaml  although IANA has no official designation listed   Look how many media-types  formerly  MIME types  are defined by IANA  Look how many HTTP headers there are  php   input or bust Using the php   input stream allows you to circumvent the baby-sitting   hand holding level of abstraction that PHP has forced on the world   -  With great power comes great responsibility  Now  before you deal with data values streamed through php   input  you should   must do a few things   Determine if the correct HTTP method has been indicated  GET  POST  PUT  PATCH  DELETE       Determine if the HTTP Content-Type header has been transmitted  Determine if the value for the Content-Type is the desired media type  Determine if the data sent is well formed XML   JSON   YAML   etc  If necessary  convert the data to a PHP datatype  array or object  If any of these basic checks or conversions fails  throw an exception   What about the character encoding  AH  HA  Yes  you might want the data stream being sent into your application to be UTF-8 encoded  but how can you know if it is or not  Two critical problems   You do not know how much data is coming through php   input  You do not know for certain the current encoding of the data stream   Are you going to attempt to handle stream data without knowing how much is there first  That is a terrible idea  You cannot rely exclusively on the HTTP Content-Length header for guidance on the size of streamed input because it can be spoofed  You are going to need a   Stream size detection algorithm  Application defined stream size limits  Apache   Nginx   PHP limits may be too broad    Are you going to attempt to convert stream data to UTF-8 without knowing the current encoding of the stream  How  The iconv stream filter  iconv stream filter example  seems to want a starting and ending encoding  like this   convert iconv ISO-8859-1 UTF-8   Thus  if you are conscientious  you will need   Stream encoding detection algorithm  Dynamic   runtime stream filter definition algorithm  because you cannot know the starting encoding a priori     Update   convert iconv UTF-8 UTF-8  will force everything to UTF-8  but you still have to account for characters that the iconv library might not know how to translate  In other words  you have to some how define what action to take when a character cannot be translated  1  Insert a dummy character  2  Fail   throw and exception   You cannot rely exclusively on the HTTP Content-Encoding header  as this might indicate something like compression as in the following  This is not what you want to make a decision off of in regards to iconv  Content-Encoding  gzip  Therefore  the general steps might be     Part I  HTTP Request Related  Determine if the correct HTTP method has been indicated  GET  POST  PUT  PATCH  DELETE       Determine if the HTTP Content-Type header has been transmitted  Determine if the value for the Content-Type is the desired media type   Part II  Stream Data Related  Determine the size of the input stream  optional  but recommended   Determine the encoding of the input stream  If necessary  convert the input stream to the desired character encoding  UTF-8   If necessary  reverse any application level compression or encryption  and then repeat steps 4  5  and 6   Part III  Data Type Related  Determine if the data sent is well formed XML   JSON   YMAL   etc    Remember  the data can still be a URL encoded string which you must then parse and URL decode    If necessary  convert the data to a PHP datatype  array or object   Part IV  Data Value Related  Filter input data   Validate input data    Now do you see  The   POST superglobal  along with php ini settings for limits on input  are simpler for the layman  However  dealing with character encoding is much more intuitive and efficient when using streams because there is no need to loop through superglobals  or arrays  generally  to check input values for the proper encoding

User · Answer

Simple example of how to use it     lt  php        if  isset   POST     empty   POST             gt            lt form name  form1  method  post  action    gt              lt input type  text  name  textfield  gt  lt br   gt              lt input type  submit  name  Submit  value  submit  gt            lt  form gt       lt  php             else             example   file get contents  php   input            echo  example            gt

User · Answer

php   input can give you the raw bytes of the data  This is useful if the POSTed data is a JSON encoded structure  which is often the case for an AJAX POST request   Here s a function to do just that              Returns the JSON encoded POST data  if any  as an object              return Object null         private function retrieveJsonPostData              get the raw POST data      rawData   file get contents  php   input            this returns null if not valid json     return json decode  rawData         The   POST array is more useful when you re handling key-value data from a form  submitted  by a traditional POST  This only works if the POSTed data is in a recognised format  usually application x-www-form-urlencoded  see http   www w3 org TR html4 interact forms html h-17 13 4 for details

User · Answer

If post data is malformed    POST will not contain anything  Yet  php   input will have the malformed string   For example there is some ajax applications  that do not form correct post key-value sequence for uploading a file  and just dump all the file as post data  without variable names or anything    POST will be empty    FILES empty also  and php   input will contain exact file  written as a string

[php] PHP "php://input" vs $_POST

Examples related to php

Examples related to ajax

Examples related to input