$_POST vs $HTTP_RAW_POST_DATA vs php://input and enctype

http post

$_POST vs $HTTP_RAW_POST_DATA vs php://input and enctype

This post will answer the following questions:

  • What is form HTTP Request POST ?
  • What is enctype?
  • How to access the posted values?
  • Why is the $_POST not having any data in it?

What is HTTP Request POST?

It is one of the request methods associated with insertion of the data. Usually, GET is associated with retrieval, PUT is with update and DELETE is with removal.

Post size is determined by the php.ini setting of post_max_size. Also the directive enable_post_data_reading can disable post reading if it is turned On.

What is enctype?

When the form with method=”post” is submitted, the browser determines the encryption type on how the form elements shall be sent to the server:

application/x-www-form-urlencoded – Spaces and all special characters are encoded.

multipart/form-data – Nothing would be encoded. This is a must when the form is using file upload.

text/plain – Only spaces would be converted to + all other post data remain the same.

How to access the posted values?

There are three ways to access the posted data

1. Using $_POST – This is the most common way for accessing POST data in all enctype cases. When the form enctype is multipart/form-data, the data part can be handled by $_POST and file would be handled by $_FILE

//enctype='multipart/form-data' or ContentType: multipart/form-data in header
$posted_data = $_POST; //this holds all the posted data
$files = $_FILE;

In all cases, the $_POST would provide the data decrypted with key value pair.

2. Using $HTTP_RAW_POST_DATA – as the name implies, it will get the raw encrypted $_POST data. This is predefined variable, like $_POST and $_GET, is not available by default and it requires the php.ini directive always_populate_raw_post_data = On

$raw_data = $HTTP_RAW_POST_DATA;

Remember, the $raw_data is in its raw format that could be encrypted it needs decryption before usage unlike $_POST

3. Using php://input – this is a read only stream which works just like $HTTP_RAW_POST_DATA except it doesn’t depend on php.ini directive. This also does’t work on the enctype=’multipart/form-data’ like that of $HTTP_RAW_POST_DATA counterpart.

The other similarity is, it also provides the data as raw, so it is up to the programmer to url decode and use it

$raw_post = file_get_contents('php://input');

According to php.net, the $HTTP_RAW_POST_DATA is deprecated as of 5.6 and removed on 7 so the php://input should be used in place anytime.

Why is the $_POST not having any data in it?

We were having this problem when trying to parse the post to our server which is a postback from third party.

When we test our API with normal key value pair it was working.

Then the co worker suggests using php://input and voila, it was working! And the packet was full fledged json data.

But what happened?

The $_POST is expecting the packets to be in the form of param1=value1&param2=value2&param3=value3.. and when it tries to prepare it as array expecting & as an exploding marker and if it is not there, then $_POST would respond blank array

Post to Facebook From app – Using PHP

connect to sftp from php

how to deploy symfony application to the production server

Deploying Symfony on Production Server

Run single phpunit test

composer install-update killed on vagrant machine

  1. Alan

    WONDERFUL Post.thanks for share..more delay ..

  2. clash royale hack

    Thanks for the great info, it actually comes in handy.

Leave a Reply

Your email address will not be published. Required fields are marked *