Php get server request method

$_SERVER

$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server, therefore there is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here. However, most of these variables are accounted for in the » CGI/1.1 specification, and are likely to be defined.

Note: When running PHP on the command line most of these entries will not be available or have any meaning.

In addition to the elements listed below, PHP will create additional elements with values from request headers. These entries will be named HTTP_ followed by the header name, capitalized and with underscores instead of hyphens. For example, the Accept-Language header would be available as $_SERVER[‘HTTP_ACCEPT_LANGUAGE’] .

Indices

‘ PHP_SELF ‘ The filename of the currently executing script, relative to the document root. For instance, $_SERVER[‘PHP_SELF’] in a script at the address http://example.com/foo/bar.php would be /foo/bar.php . The __FILE__ constant contains the full path and filename of the current (i.e. included) file. If PHP is running as a command-line processor this variable contains the script name. ‘argv’ Array of arguments passed to the script. When the script is run on the command line, this gives C-style access to the command line parameters. When called via the GET method, this will contain the query string. ‘argc’ Contains the number of command line parameters passed to the script (if run on the command line). ‘ GATEWAY_INTERFACE ‘ What revision of the CGI specification the server is using; e.g. ‘CGI/1.1’ . ‘ SERVER_ADDR ‘ The IP address of the server under which the current script is executing. ‘ SERVER_NAME ‘ The name of the server host under which the current script is executing. If the script is running on a virtual host, this will be the value defined for that virtual host.

Note: Under Apache 2, UseCanonicalName = On and ServerName must be set. Otherwise, this value reflects the hostname supplied by the client, which can be spoofed. It is not safe to rely on this value in security-dependent contexts.

‘ SERVER_SOFTWARE ‘ Server identification string, given in the headers when responding to requests. ‘ SERVER_PROTOCOL ‘ Name and revision of the information protocol via which the page was requested; e.g. ‘HTTP/1.0’ ; ‘ REQUEST_METHOD ‘ Which request method was used to access the page; e.g. ‘GET’ , ‘HEAD’ , ‘POST’ , ‘PUT’ .

Note:

PHP script is terminated after sending headers (it means after producing any output without output buffering) if the request method was HEAD .

‘ REQUEST_TIME ‘ The timestamp of the start of the request. ‘ REQUEST_TIME_FLOAT ‘ The timestamp of the start of the request, with microsecond precision. ‘ QUERY_STRING ‘ The query string, if any, via which the page was accessed. ‘ DOCUMENT_ROOT ‘ The document root directory under which the current script is executing, as defined in the server’s configuration file. ‘ HTTPS ‘ Set to a non-empty value if the script was queried through the HTTPS protocol. ‘ REMOTE_ADDR ‘ The IP address from which the user is viewing the current page. ‘ REMOTE_HOST ‘ The Host name from which the user is viewing the current page. The reverse dns lookup is based on the REMOTE_ADDR of the user.

Note: The web server must be configured to create this variable. For example in Apache HostnameLookups On must be set inside httpd.conf for it to exist. See also gethostbyaddr() .

‘ REMOTE_PORT ‘ The port being used on the user’s machine to communicate with the web server. ‘ REMOTE_USER ‘ The authenticated user. ‘ REDIRECT_REMOTE_USER ‘ The authenticated user if the request is internally redirected. ‘ SCRIPT_FILENAME ‘

The absolute pathname of the currently executing script.

Note:

If a script is executed with the CLI, as a relative path, such as file.php or ../file.php , $_SERVER[‘SCRIPT_FILENAME’] will contain the relative path specified by the user.

‘ SERVER_ADMIN ‘ The value given to the SERVER_ADMIN (for Apache) directive in the web server configuration file. If the script is running on a virtual host, this will be the value defined for that virtual host. ‘ SERVER_PORT ‘ The port on the server machine being used by the web server for communication. For default setups, this will be ’80’ ; using SSL, for instance, will change this to whatever your defined secure HTTP port is.

Note: Under Apache 2, UseCanonicalName = On , as well as UseCanonicalPhysicalPort = On must be set in order to get the physical (real) port, otherwise, this value can be spoofed, and it may or may not return the physical port value. It is not safe to rely on this value in security-dependent contexts.

‘ SERVER_SIGNATURE ‘ String containing the server version and virtual host name which are added to server-generated pages, if enabled. ‘ PATH_TRANSLATED ‘ Filesystem- (not document root-) based path to the current script, after the server has done any virtual-to-real mapping.

Note: Apache 2 users may use AcceptPathInfo = On inside httpd.conf to define PATH_INFO .

‘ SCRIPT_NAME ‘ Contains the current script’s path. This is useful for pages which need to point to themselves. The __FILE__ constant contains the full path and filename of the current (i.e. included) file. ‘ REQUEST_URI ‘ The URI which was given in order to access this page; for instance, ‘ /index.html ‘. ‘ PHP_AUTH_DIGEST ‘ When doing Digest HTTP authentication this variable is set to the ‘Authorization’ header sent by the client (which you should then use to make the appropriate validation). ‘ PHP_AUTH_USER ‘ When doing HTTP authentication this variable is set to the username provided by the user. ‘ PHP_AUTH_PW ‘ When doing HTTP authentication this variable is set to the password provided by the user. ‘ AUTH_TYPE ‘ When doing HTTP authentication this variable is set to the authentication type. ‘ PATH_INFO ‘ Contains any client-provided pathname information trailing the actual script filename but preceding the query string, if available. For instance, if the current script was accessed via the URI http://www.example.com/php/path_info.php/some/stuff?foo=bar , then $_SERVER[‘PATH_INFO’] would contain /some/stuff . ‘ ORIG_PATH_INFO ‘ Original version of ‘ PATH_INFO ‘ before processed by PHP.

Examples

Example #1 $_SERVER example

Источник

Массив $_SERVER

Описание значений глобального массива $_SERVER с примерами.

Параметры сервера

Имя хоста, обычно совпадает с доменом.

Название и версия сервера.

Версия сервера и имя виртуального хоста, обычно пуста.

Имя и версия используемого HTTP протокола.

Значение из директивы конфигурационного файла Apache.
На хостингах указывают контактный e-mail.

Параметры соединения

Имя сервера, как правило, совпадает с доменом.

IP-адрес, с которого пользователь просматривает текущую страницу.

64.246.37.238 fe80:0:0:0:200:f8ff:fe21:67cf

Удаленный хост, с которого пользователь просматривает текущую страницу.

Порт на удаленной машине, который используется для связи с веб-сервером.

Время запроса к серверу в Unix timestamp.

​Время запроса к серверу с точностью до микросекунд.

Пути на сервере

Директория корня сайта, в которой выполняется текущий скрипт.

/home/example.com/public_html

Появился в Apache2, то же самое что и DOCUMENT_ROOT .

Содержит путь, содержащийся после имени скрипта.
Например для адреса http://site.ru/index.php/123 значение будет следующим:

Исходное значение переменной PATH_INFO перед обработкой PHP.

Путь и имя выполняемого скрипта.

​Путь к исполняемому скрипту относительно корня сайта, обычно равен SCRIPT_NAME .

​Абсолютный путь к исполняемому скрипту.

/home/example.com/public_html/index.php

Авторизация на .htpasswd

Метод HTTP аутентификации.

$_SERVER[‘REMOTE_USER’] и $_SERVER[‘PHP_AUTH_USER’]

HTTPS

$_SERVER[‘HTTPS’] , $_SERVER[‘HTTP_X_HTTPS’] , $_SERVER[‘REDIRECT_HTTPS’]

URL

Значения в примерах приведены для адреса http://site.ru/index.php?page=1&sort=2

URI страницы с GET-параметрами, без домена.

Количество элементов массива $_SERVER[‘argv’] .

​Содержит URL страницы без GET-параметров и домена.

Заголовки браузера

Строка, обозначающая браузер и операционную систему, который открыл данную страницу.

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

Куки браузера в виде строки: ключ=значение; ключ=значение;.
Данные доступны в переменной $_COOKIE .

_ym_uid=xxx; _ym_d=xxx; PHPSESSID=xxx;

Адрес страницы, с которой браузер пользователя перешёл на текущую страницу.

Содержимое заголовка Accept из текущего запроса.

text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8

HTTP заголовок переданный клиентом, говорящий о том какие алгоритмы сжатия он может понять.

​Содержимое заголовка Accept-Language .

Предпочтения клиента относительно кодировки.

Значение заголовка Connection .

Браузер отправляет этот заголовок со значением 1 , выражающий предпочтение клиента для зашифрованного ответа.

Дамп переменной $ _SERVER

Для тестирования, значения массива $ _SERVER для разных клиентов можно скидывать в лог-файл:

file_put_contents(__DIR__ . '/server.log', print_r($_SERVER, true) . PHP_EOL, FILE_APPEND);

Источник

PHP — detect http request type in PHP (GET, POST, PUT, DELETE)

Leen-Kerr

In this article, we would like to show you how to detect the request method in PHP.

Server request method parameter example

Note: $_PUT and $_DELETES arrays are not supported in php it means php://input stream should be parsed.

Note: ajax.htm and backend.php should be placed on php server both.

References

Источник

The REQUEST_METHOD superglobal in PHP

It is sometimes useful to know the HTTP request method, and PHP makes this easy via the REQUEST_METHOD super global..

To check the request method you may use the $_SERVER[‘REQUEST_METHOD’] variable, the $_SERVER is a PHP superglobal that is available to you at any time, even inside functions and classes.

To use the REQUEST_METHOD variable you could just echo its contents, but it is probably more useful in a switch or if statement.

if ($_SERVER['REQUEST_METHOD'] == 'POST')  echo 'The request was POST'; exit(); > else  http_response_code(405); header('Allow: GET, HEAD'); echo '
405 Method Not Allowed
'; exit(); > 

When to use REQUEST_METHOD

The REQUEST_METHOD variable may be used whenever you need to determine the HTTP request type.

For example, if you know your application only accepts user input via HTTP post requests, it is recommended to block other types of requests, and inform the user that the request is not valid.

It can be used as part of the server-side validation of user input, before attempting to validate the input itself.

The REQUEST_METHOD variable is filled out by PHP based on the HTTP request type, and can therefor be safely used without validation. There should be no risk of injection attacks in this variable.

We can not simply check if $_POST and $_GET is empty, since they are always defined, even if all the HTML form fields are empty.

Links

Источник