$_POST vs $HTTP_RAW_POST_DATA vs php://input and enctype
This post will answer the following questions:
- What is form HTTP Request POST ?
- What is enctype?
- How to access the posted values?
- Why is the $_POST not having any data in it?
What is HTTP Request POST?
It is one of the request methods associated with insertion of the data. Usually, GET is associated with retrieval, PUT is with update and DELETE is with removal.
Post size is determined by the php.ini setting of
post_max_size. Also the directive
enable_post_data_reading can disable post reading if it is turned On.
What is enctype?
When the form with method=”post” is submitted, the browser determines the encryption type on how the form elements shall be sent to the server:
application/x-www-form-urlencoded – Spaces and all special characters are encoded.
multipart/form-data – Nothing would be encoded. This is a must when the form is using file upload.
text/plain – Only spaces would be converted to + all other post data remain the same.
How to access the posted values?
There are three ways to access the posted data
1. Using $_POST – This is the most common way for accessing POST data in all enctype cases. When the form enctype is
multipart/form-data, the data part can be handled by $_POST and file would be handled by $_FILE
//enctype='multipart/form-data' or ContentType: multipart/form-data in header $posted_data = $_POST; //this holds all the posted data $files = $_FILE;
In all cases, the $_POST would provide the data decrypted with key value pair.
2. Using $HTTP_RAW_POST_DATA – as the name implies, it will get the raw encrypted $_POST data. This is predefined variable, like $_POST and $_GET, is not available by default and it requires the php.ini directive
always_populate_raw_post_data = On
$raw_data = $HTTP_RAW_POST_DATA;
$raw_data is in its raw format that could be encrypted it needs decryption before usage unlike
3. Using php://input – this is a read only stream which works just like $HTTP_RAW_POST_DATA except it doesn’t depend on php.ini directive. This also does’t work on the enctype=’multipart/form-data’ like that of $HTTP_RAW_POST_DATA counterpart.
The other similarity is, it also provides the data as raw, so it is up to the programmer to url decode and use it
$raw_post = file_get_contents('php://input');
According to php.net, the $HTTP_RAW_POST_DATA is deprecated as of 5.6 and removed on 7 so the php://input should be used in place anytime.
Why is the $_POST not having any data in it?
We were having this problem when trying to parse the post to our server which is a postback from third party.
When we test our API with normal key value pair it was working.
Then the co worker suggests using php://input and voila, it was working! And the packet was full fledged json data.
But what happened?
The $_POST is expecting the packets to be in the form of param1=value1¶m2=value2¶m3=value3.. and when it tries to prepare it as array expecting & as an exploding marker and if it is not there, then $_POST would respond blank array
connect to sftp from php
how to deploy symfony application to the production server
Deploying Symfony on Production Server
Run single phpunit test
composer install-update killed on vagrant machine
WONDERFUL Post.thanks for share..more delay ..
clash royale hack
Thanks for the great info, it actually comes in handy.