What's up - today another part of this crash course
Do you remember, when in part 2, we have written this
<form action="page.php" method="GET"></form>
And I told you
It sound's a bit enigmatic, but I'll cover basics it soon.
And then, this
[...]That's how we get data from GET form - inside single quotes we place name of the field. But about it, later in this course [...]
High time has come - here is a quick summary of what will we learn today
- HTTP - What is it and how it works
- HTTP methods and HTTP response codes
-
POST
method more in depth -
POST
vsGET
- what are differences - Handling other HTTP methods
- Overview of
$_SERVER
So, let's not waste time and start learning
HTTP - what is it?
HTTP stands for "Hypertext Transfer Protocol" - It's basic protocol of web communication and foundation of world wide web.
It functions as a request-response protocol in client-server
model
And a quick explanation
- Request - package of data, that our browser sends (Like we want to visit dev.to)
- Response - package of data sent by server to us. That's the content that we wanted (and requested)
- Client - One, that sends requests (browser, application)
- Server - One, that responds to requests (Web server)
I won't go into technical depths of how it works - That's PHP, not networking course
If you are really into it, you can read RFC 9113 - it defines, how it works and explains whole magic behind it
And to some clarification - what's the difference between HTTP and HTTPS?
HTTPS is secure version of HTTP (S in that acronym stands for Secure) - That means, whole connection is encrypted and after intercepting such traffic, attacker has some additional work to do, but sometimes it might be impossible for threat actor to decipher that communication
Yeah, there was a little bit of offtop, so let's get into something strictly connected to HTTP
HTTP Response status codes
This part is important - as it might be useful in typical life too
Browsers should know, what happened to their requests - they receive this information through response status codes
They are grouped in 5 classes
- 1xx - Informational
- 2xx - Success
- 3xx - Redirection
- 4xx - Client error
- 5xx - Server error
Of course xx
is replaced with some number - you will see it
Every code can be found here, and here are some of the most common ones
200 OK
- Success, everything went as it should
301 Moved Permanently
- there was something at that URL, but it was moved. It also provides you with new URL of that asset
403 Forbidden
- We don't have permissions to access that resource
404 Not Found
- I think you are familiar with this code. It means, that the URL we want to access, does not exist
Here, sometimes servers send 403
instead of 404
- to hide existence of some URL/resource
500 Internal Server Error
- There was some error, and server doesn't know how to handle it
503 Service Unavailable
- Server can't handle the request. It can be everything, but mostly may be either down for maintenance or server is overloaded
On the side, there is a code called 418 I'm a teapot
.
As MDN says
The HTTP
418 I'm a teapot
client error response code indicates that the server refuses to brew coffee because it is, permanently, a teapot.
Yeah it really exists, I'm not kidding. It was created as a reference to April Fools' joke from 1998 and 2014 - Hyper Text Coffee Pot Control Protocol
And yes, it has it's own RFC specification
HTTP methods
These are used to indicate desired action for some resource.
Although they might be nouns, we can hear people commonly referring to them as HTTP verbs.
There are plenty of them, each has it's own semantics - but here I'll focus on 4 basic ones
-
GET
- Retrieve data from server -
POST
- Submit something to the server, often causing some changes or side effects -
PUT
- Often disabled method, as it allows to create/update resources on the server (example) -
DELETE
- Deletes the specific resource. It's also kind of insecure, asPUT
To be fair, we will only focus on first 2 - as rest is rarely used in PHP
POST
method
As I mentioned before - It's another HTTP method in requests
We access form fields content just like in get, but with a little difference - via superglobal $_POST
(Not $_GET
)
$field = $_POST['field'];
It has the same qualities as $_GET
- And after parts 3 and 4, I think you know how to use it
But, why do we have 2 of them? Can't there be just one? What are the differences?
POST
vs GET
So, let's start with data visibility
Have you ever seen a URL looking something like this?
http://example.com/page?data=val
The end of this URL (?data=val
) contains our GET
data
So if user requested that page, we could access it with
$data = $_GET['data'];
echo $_GET['data'];
// Output: val
But if the request used POST
method - URL would look like this
http://example.com/page
As we see, no additional data. But why?
Because POST
data is added only to a request itself, not to the URL
And here, we come to the next part - Usage
I'll repeat myself.
So, as I mentioned before
-
GET
should be used, when we want to request data from server ex. finding something using search bar -
POST
is meant to be utilized, when we need to pass data to the server, for it to further process them - like login or register
To sum up
GET
- To show user something dynamically
POST
- To send data from user, to be processed by server
Handling other HTTP methods
While we have $_GET
and $_POST
superglobals for that methods, there aren't any equivalents for another methods like PUT
or DELETE
I don't really recommend using them, but if you really have to there is a simple trick to do it - here for PUT
method (same applies to delete)
$method = $_SERVER['REQUEST_METHOD'];
if ('PUT' === $method) {
parse_str(file_get_contents('php://input'), $_PUT);
var_dump($_PUT);
}
source: Stack Overflow
I will talk about $_SERVER
later, and there are 2 function I'll explain
parse_str()
- It parses string in URL format (first argument), and writes it to array (second argument)file_get_contents()
- As the name says, it reads contents of a file, and saves it as a string
And inside itphp://input
reads data from request body - that's so called PHP wrapper
$_SERVER
superglobal
Last thing I'd like to mention here is $_SERVER
What is it? It's superglobal that contains execution and server information
Unlike $_GET
or $_POST
- we can't really define it's values from PHP code
But it allows us to access some pretty interesting data - A few examples:
-
$_SERVER['PHP_SELF']
- Returns filename of currently executed file -
$_SERVER['SERVER_ADDR']
- IP address of server that executes PHP code -
$_SERVER['REQUEST_METHOD']
- This one contains request method. It was used in code snippet above -
$_SERVER['REMOTE_ADDR']
- By reading this property we can obtain IP address of user (client)
There are of course much more of them - you can find them all here
And, that's it - you should now understand what's going on with this
Conclusion
I hope you enjoyed that tutorial - Every feedback is appreciated, so comments are for you
There are 9 more parts left, and then we will start our projects
Also, check out other articles in this series (If you hadn't read them) and rest of my posts
So, see you in next articles
Top comments (0)