HTTP methods and handling - PHP 0 to hero pt.8

Previous part:
Strings - PHP 0 to hero pt.7 Next part:
SQL pt.1 - PHP 0 to hero pt.9

Do you remember, when in part 2, we have written this…

<form action="page.php" method="GET"></form>

And I told you

It sound’s a bit enigmatic, but I’ll cover basics it soon.

And then also

[…]That’s how we get data from GET form - inside single quotes we place name of the field. But about it, later in this course […]

High time has come - here is a quick summary of what will we learn today

HTTP - What is it and how it works
HTTP methods and HTTP response codes
POST method more in depth
POST vs GET - what are differences
Handling other HTTP methods
Overview of $_SERVER

So, let’s not waste time and start learning

HTTP - what is it?

HTTP stands for “Hypertext Transfer Protocol” - It’s basic protocol of web communication and foundation of world wide web.

It functions as a request-response protocol in client-server model

And a quick explanation

Request - package of data, that our browser sends (Like we want to visit wizarddos.github.io)
Response - package of data sent by server to us. That’s the content that we wanted (requested)
Client - One, that sends requests (browser, application)
Server - One, that responds to requests (Web server)

I won’t go into technical depths of how it works - That’s PHP, not networking course

If you are really into it, you can read RFC 9113 - it defines, how it works and explains whole magic behind HTTP protocool

For some clarification - what’s the difference between HTTP and HTTPS?

HTTPS is secure version of HTTP (S in that acronym stands for Secure) - That means, whole connection is encrypted and after intercepting such traffic, attacker has some additional work to do to get the contents (which is not always possible)

Yeah, there was a little bit of offtop, so let’s get into something strictly connected to HTTP

HTTP Response status codes

This part is important - as it might be useful in typical life too

Browsers should know, what happened to their requests - they receive this information through response status codes

They are divided into 5 groups

1xx - Informational
2xx - Success
3xx - Redirection
4xx - Client error
5xx - Server error

Of course xx is replaced with some number - you will see it

Every code can be found here, and some of the most common ones are

200 OK - Success, everything went as it should

301 Moved Permanently - there was something at that URL, but it was moved. It also provides you with new URL of that asset

403 Forbidden - We don’t have permissions to access that resource

404 Not Found - I think you are familiar with this code. It means, that the URL we want to access, does not exist Here, sometimes servers send 403 instead of 404 - to hide existence of some URL/resource

500 Internal Server Error - There was some error, and server doesn’t know how to handle it

503 Service Unavailable - Server can’t handle the request. It can be everything, but mostly it may be either down for maintenance or server is overloaded

On the side, there is a code called 418 I'm a teapot.

As MDN says

The HTTP 418 I'm a teapot client error response code indicates that the server refuses to brew coffee because it is, permanently, a teapot.

Yeah it really exists, I’m not kidding. It was created as a reference to April Fools’ joke from 1998 and 2014 - Hyper Text Coffee Pot Control Protocol

And yes, it has it’s own RFC specification

HTTP methods

These are used to indicate desired action for some resource. We call them HTTP verbs There are plenty of them, each has it’s own semantics - I’ll focus on 4 basic ones

GET - Retrieve data from server
POST - Submit something to the server, often causing some changes or side effects
PUT - It allows to create/update resources on the server, for (example)(It’s frequently disabled)
DELETE - Deletes the specific resource.

In forms, GET and POST are used - PUT and DELETE can be seen in APIs

With this said, time for quick overview of first 2 methods

`POST` method

As I mentioned before - This method indicates, we submit somthing to the server

We access form fields content just like in GET, but with a little difference - via superglobal $_POST (Not $_GET)

$field = $_POST['field'];

It behaves the same way as GET - go back to parts 3 and 5

Hold on, if we use those methods in the same way - do we need both? Can’t there be only one handled in PHP?

Let’s look at the differences

`POST` vs `GET`

So, let’s start with data visibility

Have you ever seen a URL looking something like this?

http://example.com/page?data=val

The end of this URL (?data=val) contains our GET data

So if user visits that page - We can access data field with

$data = $_GET['data'];
// Or just
echo $_GET['data'];
// Output: val

But if the request used POST method - URL would look like this

http://example.com/page

As we see, no additional data. But why?

Because POST data is added only to a request itself, not to the URL

And here, we come to the next part - Usage

GET should be used, when we want to request data from server ex. finding something using search bar
POST is meant to be utilized, when we need to pass data to the server, for further processing - like login or register

To sum up GET - To show user something dynamically POST - To send data from user, to be processed by the server

Handling other HTTP methods

While we have $_GET and $_POST superglobals for that methods, there aren’t any equivalents for another methods like PUT or DELETE

We won’t be utilizing them in our projects - yet if you write []REST API](https://www.ibm.com/topics/rest-apis), they can be found there

There is a simple trick to access that data - here for PUT method (same applies to delete)

$method = $_SERVER['REQUEST_METHOD'];
if ('PUT' === $method) {
    parse_str(file_get_contents('php://input'), $_PUT);
    var_dump($_PUT);
}

source: Stack Overflow

I will talk about $_SERVER later, and there are 2 function I’ll explain

parse_str() - It parses string in URL format (first argument), and writes it to array (second argument)
file_get_contents() - As the name says, it reads contents of a file, and saves it as a string And inside it php://input reads data from request body - that’s called []PHP wrapper](https://www.php.net/manual/en/wrappers.php.php)

`$_SERVER` superglobal

Last thing I’d like to mention here is $_SERVER

What is it? It’s a superglobal that contains execution and server information

Unlike $_GET or $_POST - we can’t really define it’s values from PHP code But it allows us to access some pretty interesting data - A few examples:

$_SERVER['PHP_SELF'] - Returns name of currently executed file
$_SERVER['SERVER_ADDR'] - IP address of server, executing PHP
$_SERVER['REQUEST_METHOD'] - This one contains request method. It was used in code snippet above
$_SERVER['REMOTE_ADDR'] - By reading this property we can obtain IP address of user (client)

There are of course much more of them - you can find them all here

Conclusion

I hope you enjoyed that tutorial - Every feedback is appreciated, so comments are for you

Check out other articles in this series (If you hadn’t read them) and rest of my posts - just pick something random

So, see you in next articles

Published: 11 Jan 2024
Author: wizarddos