Please Service My Requests.

I had a conversation with a friend about the unscrupulous use of http request methods. There are four major ones I use and this is how I think they should be used(or how I learnt over time to use them).

POST: This should be used when sending a message to the server, especially if that message is intended to be stored on the server. Examples are creating a new user, or inserting a new record generally into any particular table in the db. Also if you are storing a file on the server, use POST.

PUT: I use this method when I am updating a record on the server. Basically for db UPDATE instructions. I also found a way to use it to post files to the server when such files already exists, for example changing a profile picture.

DELETE: I use this method when I am removing something from the server or from a db on the server. It is almost self explanatory

GET: I use this sparingly, and following w3c specs, I make sure that whenever I use GET, there is no side effect on the server or db AT ALL. I use it only for retrieval of files and records from the server.

There are four more, HEAD, OPTIONS, CONNECT and TRACE. I really don’t use these ones.

I see some codes and I feel like cursing the developer. Especially PHP Codes. They use $_REQUEST for everything, regardless of what method they use on the form. I also saw a particular project where everything was POST(This is as unacceptable as having 500 lines of code under a single button click). This I think should not be, these methods are there to put some sanity in your code, and help the maintainer, so please use them. Best Practises are the Best

Advertisements

3 Comments »

  1. Bulama Yusuf said

    i fully support what you’ve talked about. i use those methods in the same way as well. cheers. with love from Abuja Nigeria.

    • clement said

      i agree with you too.Clement Benin

  2. Temidayo said

    There was a thread about this issue that i was involved with sometimes ago.
    It can be found here:
    http://forums.devnetwork.net/viewtopic.php?f=34&t=97820&start=30

    You can read the whole thread if you are interested.

    In the thread using $_REQUEST was proved to be insecure, basically because
    it has $_COOKIES in the array merge. I gathered $_COOKIES has been removed from $_REQUEST as from PHP 5.3.

    Whatever you use(if you are really security conscious) ensure you do server side validation, know where your data is coming from and check for expected data.

RSS feed for comments on this post · TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: