Right method to check if user submitted a form

I have a page with a form. Which of the following methods is the best to use to check if the form is submitted? And how are they different?

Method 1:

if($_SERVER['REQUEST_METHOD'] == 'POST'){
    //some code
}

Method 2:

if(isset($_POST['submit'])){
    //some code
}

Method 3 (obviously if I add submitted=true on submit to the query string):

if($_GET['submitted'] == true){
    //some code
}

Answer

The method 1 and method 2 are the most appropriate ones.

If you validate the form using a $_GET['submitted'] == true this could easily be cracked by the end user which creates a security breach.

The best method i think is the first one

if($_SERVER['REQUEST_METHOD'] == 'POST')

This piece of code works good even on dynamically generated forms wherein you do not have to check a post variable.

Leave a Reply

Your email address will not be published. Required fields are marked *