Hey guys,
Does anybody know why we have $_GET and $_POST, but not $_PUT and
$_DELETE? As far as I can tell, the only way to get these out currently is
to parse their values by reading the incoming stream directly.
Is there a reason why we don't want this or is it just that nobody has
actually written it yet?
--Kris
Last time it stranded here:
internals@lists.php.net/msg67294.html" rel="nofollow" target="_blank">https://www.mail-archive.com/internals@lists.php.net/msg67294.html
And I believe it's been up a number of times before that.
Hey guys,
Does anybody know why we have $_GET and $_POST, but not $_PUT and
$_DELETE? As far as I can tell, the only way to get these out currently is
to parse their values by reading the incoming stream directly.Is there a reason why we don't want this or is it just that nobody has
actually written it yet?--Kris
--
<hype>
WWW: plphp.dk / plind.dk
CV: careers.stackoverflow.com/peterlind
LinkedIn: plind
Twitter: kafe15
</hype
Hey guys,
Does anybody know why we have $_GET and $_POST, but not $_PUT and
$_DELETE? As far as I can tell, the only way to get these out currently is
to parse their values by reading the incoming stream directly.Is there a reason why we don't want this or is it just that nobody has
actually written it yet?
$_GET and $_POST are really misnomers. $_GET is query string parameters, $_POST is request body data.
We should just put the request bodies for all requests, not just POST, into $_POST.
--
Andrea Faulds
http://ajf.me/
Hey guys,
Does anybody know why we have $_GET and $_POST, but not $_PUT and
$_DELETE? As far as I can tell, the only way to get these out currently
is
to parse their values by reading the incoming stream directly.Is there a reason why we don't want this or is it just that nobody has
actually written it yet?$_GET and $_POST are really misnomers. $_GET is query string parameters,
$_POST is request body data.We should just put the request bodies for all requests, not just POST,
into $_POST.--
Andrea Faulds
http://ajf.me/
The problem with that approach though is that it would not be RESTful. I'm
developing a REST API (with the goal of 100% REST compliance) and having
PUT/DELETE variables mixed in with $_POST would not only be
counter-intuitive, but it would just present a new roadblock.
Incorporating GET in there, as well, would make things even worse.
Basically, if we have $_GET and $_POST, then we should also have $_PUT and
$_DELETE. Either that, or they should all be tossed. There's no reason
why $_PUT and $_DELETE should not also exist.
--Kris
Kris Craig wrote (on 14/10/2014):
The problem with that approach though is that it would not be RESTful. I'm
developing a REST API (with the goal of 100% REST compliance) and having
PUT/DELETE variables mixed in with $_POST would not only be
counter-intuitive, but it would just present a new roadblock.
This makes no sense; there is no such thing as "PUT/DELETE variables" in
HTTP, any more than there is such things as "POST variables".
Just imagine that the variables are called $_QUERY_STRING and
$_REQUEST_BODY. They should be completely orthogonal to the request method.
Note that this is already true to an extent - you can access the query
string through $_GET on a POST request, and $_POST will exist as an
empty array.
Hey guys,
Does anybody know why we have $_GET and $_POST, but not $_PUT and
$_DELETE? As far as I can tell, the only way to get these out currently
is
to parse their values by reading the incoming stream directly.Is there a reason why we don't want this or is it just that nobody has
actually written it yet?$_GET and $_POST are really misnomers. $_GET is query string parameters,
$_POST is request body data.We should just put the request bodies for all requests, not just POST,
into $_POST.The problem with that approach though is that it would not be RESTful. I'm
developing a REST API (with the goal of 100% REST compliance) and having
PUT/DELETE variables mixed in with $_POST would not only be
counter-intuitive, but it would just present a new roadblock.
Incorporating GET in there, as well, would make things even worse.Basically, if we have $_GET and $_POST, then we should also have $_PUT and
$_DELETE. Either that, or they should all be tossed. There's no reason
why $_PUT and $_DELETE should not also exist.
Putting everything into $_POST isn’t a question of being RESTful or not. REST in a
Web application happens at the HTTP protocol level and not the PHP level.
That said, it would be confusing to place the request body for all requests into $_POST.
You also have to consider PATCH and the potential body for other HTTP methods. The
easiest way to get the body of any HTTP request is to use the input stream:
$requestBody = file_get_contents('php://input');
I suppose we could make a super global that returns that for us, but it’s just as easy to
use the above. Additionally, you might not want to put the full body of the request into
memory like that. You might rather read the stream only a few bytes at a time.
-Ben
Hey guys,
Does anybody know why we have $_GET and $_POST, but not $_PUT and
$_DELETE? As far as I can tell, the only way to get these out currently
is
to parse their values by reading the incoming stream directly.Is there a reason why we don't want this or is it just that nobody has
actually written it yet?$_GET and $_POST are really misnomers. $_GET is query string parameters,
$_POST is request body data.We should just put the request bodies for all requests, not just POST,
into $_POST.--
Andrea Faulds
http://ajf.me/The problem with that approach though is that it would not be RESTful. I'm
developing a REST API (with the goal of 100% REST compliance) and having
PUT/DELETE variables mixed in with $_POST would not only be
counter-intuitive, but it would just present a new roadblock.
Incorporating GET in there, as well, would make things even worse.Basically, if we have $_GET and $_POST, then we should also have $_PUT and
$_DELETE. Either that, or they should all be tossed. There's no reason
why $_PUT and $_DELETE should not also exist.--Kris
This has nothing to do with REST.
$_GET doesn't even relate to GET requests, it's just query parameters.
Query parameters exist in all types of requests because they are part
of the URI.
$_POST (even if only parsed for POST requests) also represents just
the request body parsed from a very specific format.
There's no reason to have $_PUT, $_DELETE, etc. because they would
represent the same thing - php://input parsed from
application/x-www-form-urlencoded.
That being said, from a purely semantic prospective, both $_GET and
$_POST should be tossed - yes. In reality, you can't do that because
virtually all PHP applications use them. But this is no reason to add
even more global vars with such misleading ... meanings.
What would be nice is to be able to register userland parsers into a
"request body parser" of some kind, so that you can have automatic
parsing depending on the Content-Type header.
Cheers,
Andrey.
That being said, from a purely semantic prospective, both $_GET and
$_POST should be tossed - yes. In reality, you can't do that because
virtually all PHP applications use them. But this is no reason to add
even more global vars with such misleading ... meanings.
Let’s add $_REQUEST_BODY and $_QUERY_STRING and make them aliases of $_GET and $_POST then. Because they’re aliases (by-reference superglobals), there’s no additional memory consumption, but we finally have saner names.
Andrea Faulds
http://ajf.me/
Let’s add $_REQUEST_BODY and $_QUERY_STRING and make them aliases of $_GET
and $_POST then. Because they’re aliases (by-reference superglobals),
there’s no additional memory consumption, but we finally have saner names.
$_HTTP_REQUEST_BODY and $_HTTP_QUERY_STRING for nostalgia's sake.
$_HTTP_REQUEST_BODY and $_HTTP_QUERY_STRING for nostalgia's sake.
Ew, non-superglobals.
But $_REQUEST_BODY and $_QUERY_STRING are a bit lengthy. Perhaps $_QUERY (for $_GET) and $_BODY (for $_POST)? Then the variable set finally makes sense, but isn’t too long:
- $_QUERY - query string parameters
- $_BODY - request body parameters
- $_REQUEST - query string and request body parameters
Makes more sense than $_GET and $_POST.
Any objections?
--
Andrea Faulds
http://ajf.me/
On 14 Oct 2014, at 14:27, Kristopher kristopherwilson@gmail.com wrote:
$_HTTP_REQUEST_BODY and $_HTTP_QUERY_STRING for nostalgia's sake.
Ew, non-superglobals.
But $_REQUEST_BODY and $_QUERY_STRING are a bit lengthy. Perhaps $_QUERY (for $_GET) and $_BODY (for $_POST)? Then the variable set finally makes sense, but isn’t too long:
- $_QUERY - query string parameters
- $_BODY - request body parameters
- $_REQUEST - query string and request body parameters
Makes more sense than $_GET and $_POST.
Any objections?
--
Andrea Faulds
http://ajf.me/
+1 for this. This would hopefully also eliminate the confusion for new developers (or not-so-new developers) who don’t quite understand that $_GET and $_POST don’t strictly relate to their HTTP verbs of the same name.
--
Mike Dugan
--
$_HTTP_REQUEST_BODY and $_HTTP_QUERY_STRING for nostalgia's sake.
Ew, non-superglobals.
But $_REQUEST_BODY and $_QUERY_STRING are a bit lengthy. Perhaps $_QUERY
(for $_GET) and $_BODY (for $_POST)? Then the variable set finally makes
sense, but isn’t too long:
- $_QUERY - query string parameters
- $_BODY - request body parameters
- $_REQUEST - query string and request body parameters
Makes more sense than $_GET and $_POST.
Any objections?
--
Andrea Faulds
http://ajf.me/+1 for this. This would hopefully also eliminate the confusion for new
developers (or not-so-new developers) who don’t quite understand that $_GET
and $_POST don’t strictly relate to their HTTP verbs of the same name.--
Mike Dugan
That could work, though the BC breakage will be extreme. I'm not sure if
that's worth it even in a major version increment. On the other hand,
making $_PUT and $_DELETE available wouldn't break anything and wouldn't
require re-training for devs.
--Kris
$_HTTP_REQUEST_BODY and $_HTTP_QUERY_STRING for nostalgia's sake.
Ew, non-superglobals.
But $_REQUEST_BODY and $_QUERY_STRING are a bit lengthy. Perhaps $_QUERY
(for $_GET) and $_BODY (for $_POST)? Then the variable set finally makes
sense, but isn’t too long:
- $_QUERY - query string parameters
- $_BODY - request body parameters
- $_REQUEST - query string and request body parameters
Makes more sense than $_GET and $_POST.
Any objections?
--
Andrea Faulds
http://ajf.me/+1 for this. This would hopefully also eliminate the confusion for new
developers (or not-so-new developers) who don’t quite understand that $_GET
and $_POST don’t strictly relate to their HTTP verbs of the same name.--
Mike Dugan
That could work, though the BC breakage will be extreme. I'm not sure if
that's worth it even in a major version increment. On the other hand,
making $_PUT and $_DELETE available wouldn't break anything and wouldn't
require re-training for devs.
...but is also the wrong solution. It's not scalable, and the only
sensible way to implement them would be as aliases of $_POST, because
they would contain the same data. How does this fundamentally differ
from $_BODY (or whatever)?
On 14 Oct 2014, at 14:27, Kristopher kristopherwilson@gmail.com
wrote:$_HTTP_REQUEST_BODY and $_HTTP_QUERY_STRING for nostalgia's sake.
Ew, non-superglobals.
But $_REQUEST_BODY and $_QUERY_STRING are a bit lengthy. Perhaps $_QUERY
(for $_GET) and $_BODY (for $_POST)? Then the variable set finally makes
sense, but isn’t too long:
- $_QUERY - query string parameters
- $_BODY - request body parameters
- $_REQUEST - query string and request body parameters
Makes more sense than $_GET and $_POST.
Any objections?
--
Andrea Faulds
http://ajf.me/+1 for this. This would hopefully also eliminate the confusion for new
developers (or not-so-new developers) who don’t quite understand that
$_GET
and $_POST don’t strictly relate to their HTTP verbs of the same name.--
Mike Dugan
That could work, though the BC breakage will be extreme. I'm not sure if
that's worth it even in a major version increment. On the other hand,
making $_PUT and $_DELETE available wouldn't break anything and wouldn't
require re-training for devs....but is also the wrong solution. It's not scalable,
How is it not scalable, exactly? It's just a couple aliases.
and the only
sensible way to implement them would be as aliases of $_POST, because
they would contain the same data. How does this fundamentally differ
from $_BODY (or whatever)?
It's not supposed to functionally differ. It's supposed to create some
better consistency and make it easier for devs to differentiate between
different REST methods when retrieving data. If REQUEST_METHOD is PUT,
then I can set the parsed params to the value of $_PUT. The aliases match
the methods used, making the code that much more readable and scalable.
--Kris
On 14 Oct 2014, at 14:27, Kristopher kristopherwilson@gmail.com
wrote:$_HTTP_REQUEST_BODY and $_HTTP_QUERY_STRING for nostalgia's sake.
Ew, non-superglobals.
But $_REQUEST_BODY and $_QUERY_STRING are a bit lengthy. Perhaps $_QUERY
(for $_GET) and $_BODY (for $_POST)? Then the variable set finally makes
sense, but isn’t too long:
- $_QUERY - query string parameters
- $_BODY - request body parameters
- $_REQUEST - query string and request body parameters
Makes more sense than $_GET and $_POST.
Any objections?
--
Andrea Faulds
http://ajf.me/+1 for this. This would hopefully also eliminate the confusion for new
developers (or not-so-new developers) who don’t quite understand that
$_GET
and $_POST don’t strictly relate to their HTTP verbs of the same name.--
Mike Dugan
That could work, though the BC breakage will be extreme. I'm not sure if
that's worth it even in a major version increment. On the other hand,
making $_PUT and $_DELETE available wouldn't break anything and wouldn't
require re-training for devs....but is also the wrong solution. It's not scalable,
How is it not scalable, exactly? It's just a couple aliases.
Because in a few years when the FOO request method has become
commonplace we will get requests to add support for $_FOO, and then
$_BAR, and the $_CHEESE... where does it end?
and the only
sensible way to implement them would be as aliases of $_POST, because
they would contain the same data. How does this fundamentally differ
from $_BODY (or whatever)?It's not supposed to functionally differ. It's supposed to create some
better consistency and make it easier for devs to differentiate between
different REST methods when retrieving data. If REQUEST_METHOD is PUT,
then I can set the parsed params to the value of $_PUT. The aliases match
the methods used, making the code that much more readable and scalable.
This doesn't actually help anything, though, if anything it hinders
it. You route your request based on the method, this way you would
either have to couple the first layer after routing to the method by
using a specific named superglobal at that layer, or have a
switch/case, variable variable or some other nastiness at the top
level to pick the right superglobal to the next layer.
If the form data submitted by the request entity body - always in the
same place in every HTTP request message - is always in the same data
store at the PHP layer, there's an extra decision taken away.
--Kris
To be brutally honest I see this as a discussion of highly
questionable merit anyway, due to the fact that in the overwhelming
majority of cases where the request method is not POST the entity body
will not represent HTML form data - browsers don't make requests of
these methods with the involvement of client-side scripting at the
moment (or in the foreseeable future), the content type of the request
body is highly unlikely to be something PHP would even attempt to
decode.
Sorry.
--
Mike Dugan
mike@mjdugan.com
On 14 October 2014 14:57, Kris Craig kris.craig@gmail.com wrote:
On Tue, Oct 14, 2014 at 6:50 AM, Chris Wright cw@daverandom.com wrote:
...but is also the wrong solution. It's not scalable,
How is it not scalable, exactly? It's just a couple aliases.
Because in a few years when the FOO request method has become
commonplace we will get requests to add support for $_FOO, and then
$_BAR, and the $_CHEESE... where does it end?
and the only
sensible way to implement them would be as aliases of $_POST, because
they would contain the same data. How does this fundamentally differ
from $_BODY (or whatever)?
It's not supposed to functionally differ. It's supposed to create some
better consistency and make it easier for devs to differentiate between
different REST methods when retrieving data. If REQUEST_METHOD is PUT,
then I can set the parsed params to the value of $_PUT. The aliases match
the methods used, making the code that much more readable and scalable.
To be brutally honest I see this as a discussion of highly
questionable merit anyway, due to the fact that in the overwhelming
majority of cases where the request method is not POST the entity body
will not represent HTML form data - browsers don't make requests of
these methods with the involvement of client-side scripting at the
moment (or in the foreseeable future), the content type of the request
body is highly unlikely to be something PHP would even attempt to
decode.
Sorry.
At this point I’m a bit confused about what the scope of the discussion is. Are we talking about creating more semantic aliases for $_GET and $_POST, or integrating support to retrieve data from $_POST based on the HTTP method, or a little bit of both?
—
Mike Dugan
It's not supposed to functionally differ. It's supposed to create some
better consistency and make it easier for devs to differentiate between
different REST methods when retrieving data. If REQUEST_METHOD is PUT,
then I can set the parsed params to the value of $_PUT. The aliases match
the methods used, making the code that much more readable and scalable.
For that to be consistent, you would need to unset $_GET on POST
requests, which would be ... unhelpful.
GET and POST are simply the wrong names. Naming more things based on
them is just engraining a mistake.
--
Rowan Collins
[IMSoP]
- $_REQUEST - query string and request body parameters
Makes more sense than $_GET and $_POST.
Am I missing something. I've used $_REQUEST since day one since the form
returns are always a combination of the Post and url data ...
All right if state variables are passed with the URL, I may just use
$_GET but only because I know I'm GETting back the previous state. I
just don't see the need for this debate.
--
Lester Caine - G8HFL
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
On 14/10/14 14:41, Mike Dugan wrote:
- $_REQUEST - query string and request body parameters
Makes more sense than $_GET and $_POST.
That was actually Andrea’s reply. I don’t the intent was the $_REQUEST is new, just clarifying that it would still contain the same data.
Am I missing something. I've used $_REQUEST since day one since the form
returns are always a combination of the Post and url data ...
All right if state variables are passed with the URL, I may just use
$_GET but only because I know I'm GETting back the previous state. I
just don't see the need for this debate.
The entire point of this debate is that $_GET are passed through the URL and not necessarily indicative of a GET (HTTP) action. You could just as easily POST data to a URL with parameters, so although you would access those URL params via $_GET, the HTTP request itself isn’t a GET request. If you pass state data through the URL, there’s no mandate that you're GETting anything, rather you’re accessing the query string that’s appended to the URL regardless of the HTTP action.
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
--
--
Mike Dugan
mike@mjdugan.com
2014-10-14 18:31 GMT+03:00 Mike Dugan mike@mjdugan.com:
The entire point of this debate is that $_GET are passed through the URL and not necessarily indicative of a GET (HTTP) action. You could just as easily POST data to a URL with parameters, so although you would access those URL params via $_GET, the HTTP request itself isn’t a GET request. If you pass state data through the URL, there’s no mandate that you're GETting anything, rather you’re accessing the query string that’s appended to the URL regardless of the HTTP action.
The main problem that we must solve - getting data as ассоц array,
from body request when request method PUT, DELETE,...
Now
file_get_contents(‘php://input') but
php://input is not available with enctype="multipart/form-data"
Need to make access to these data, in global variables for all HTTP
request methods.
2014-10-14 16:29 GMT+03:00 Andrea Faulds ajf@ajf.me:
$_HTTP_REQUEST_BODY and $_HTTP_QUERY_STRING for nostalgia's sake.
Ew, non-superglobals.
But $_REQUEST_BODY and $_QUERY_STRING are a bit lengthy. Perhaps $_QUERY (for $_GET) and $_BODY (for $_POST)? Then the variable set finally makes sense, but isn’t too long:
- $_QUERY - query string parameters
- $_BODY - request body parameters
- $_REQUEST - query string and request body parameters
Makes more sense than $_GET and $_POST.
Any objections?
+1
I RESTful a developer, agree this proposal!
I hope someone will write the RFC and vote for it, it is necessary to
move from words to deeds.
2014-10-14 16:29 GMT+03:00 Andrea Faulds ajf@ajf.me:
On 14 Oct 2014, at 14:27, Kristopher kristopherwilson@gmail.com wrote:
$_HTTP_REQUEST_BODY and $_HTTP_QUERY_STRING for nostalgia's sake.
Ew, non-superglobals.
But $_REQUEST_BODY and $_QUERY_STRING are a bit lengthy. Perhaps $_QUERY (for $_GET) and $_BODY (for $_POST)? Then the variable set finally makes sense, but isn’t too long:
- $_QUERY - query string parameters
- $_BODY - request body parameters
- $_REQUEST - query string and request body parameters
Makes more sense than $_GET and $_POST.
Any objections?
+1
I RESTful a developer, agree this proposal!
I hope someone will write the RFC and vote for it, it is necessary to
move from words to deeds.
--
If no one else is already working on it, I can write one up this morning/early this afternoon and submit it.
—
Mike Dugan
2014-10-14 17:09 GMT+03:00 Mike Dugan mike@mjdugan.com:
If no one else is already working on it, I can write one up this
morning/early this afternoon and submit it.
Ok
The RFC In this topic will be included support Rquest - Content-Type:
application/json?
It is mandatory for RESTFull.
2014-10-14 17:09 GMT+03:00 Mike Dugan mike@mjdugan.com:
If no one else is already working on it, I can write one up this
morning/early this afternoon and submit it.Ok
The RFC In this topic will be included support Rquest - Content-Type:
application/json?
It is mandatory for RESTFull.
In this case, I completely disagree. There are a variety of new JSON types floating around (i.e. application/hal+json, etc.). Should we try to support them all? I don’t think so. IMO, it is the role of a framework/library to provide support for building RESTful web applications.
-Ben
2014-10-14 17:09 GMT+03:00 Mike Dugan mike@mjdugan.com:
If no one else is already working on it, I can write one up this
morning/early this afternoon and submit it.Ok
The RFC In this topic will be included support Rquest - Content-Type:
application/json?
It is mandatory for RESTFull.
This has been discussed before. I’m not sure it’s a good idea. json_decode(file_get_contents(‘php://input')); isn’t that bad.
--
Andrea Faulds
http://ajf.me/
2014-10-14 17:09 GMT+03:00 Mike Dugan mike@mjdugan.com:
If no one else is already working on it, I can write one up this
morning/early this afternoon and submit it.Ok
The RFC In this topic will be included support Rquest - Content-Type:
application/json?
It is mandatory for RESTFull.This has been discussed before. I’m not sure it’s a good idea. json_decode(file_get_contents(‘php://input')); isn’t that bad.
JSON decoding also has optional behaviour. No more ini settings please.
- $_BODY - request body parameters
I think this name is confusing and unclear. I don't have an alternative,
though. (Only suggestion: stick with the established name which can be
taught easily ("See method attribute in HTML <form> tag"), slightly
advanced users are used to it and don't really care, even more advanced
users use some framework/library providing higher level abstraction and
not having to care anymore, this leaves a few experts who know HTTP and
don't use a framework ... :-) )
And about the cost - mind that there always is an additional cost to any
change: Adoption to the environment. i.e. I assume there are multiple
people who scan for $_GET/$_POST/$_REQUEST/$_COOKIES/$_SERVER to find
input data while analyzing foreign code. Habits and tools need to
change.
Also when adding those the question is whether they should be true
aliases or not, i.e. what the result of
$_GET['foo'] = 23;
echo $_NEW_GET['foo'];
is.
For the latter I think any way is fine. And if we have good names I'm
open to add them, I don't consider $_BODY good, though. It has to be
short ($_HTTP_REQUEST_BODY certainly is too long) and precise, else
people stick with the comfortable thing taught in every book/tutorial.
johannes
Let’s add $_REQUEST_BODY and $_QUERY_STRING and make them aliases of $_GET and $_POST then. Because they’re aliases (by-reference superglobals), there’s no additional memory consumption, but we finally have saner names.
But they are neither the request body nor the query string at that point. They are arrays that represent them. I agree that $_GET and $_POST are left-overs from a bygone day. Introducing aliases adds more confusion, IMHO.
-Ben
That being said, from a purely semantic prospective, both $_GET and
$_POST should be tossed - yes. In reality, you can't do that because
virtually all PHP applications use them. But this is no reason to add
even more global vars with such misleading ... meanings.Let’s add $_REQUEST_BODY and $_QUERY_STRING and make them aliases of $_GET and $_POST then. Because they’re aliases (by-reference superglobals), there’s no additional memory consumption, but we finally have saner names.
$_BODY and $_QUERY would be better, IMHO. The brevity would be
consistent both historically and with other existing superglobal
names, and at least with $_QUERY_STRING the data is not a string.
I suggested this a while ago, people didn't like the idea, and I'm not
sure I do any more, either. We'd do much better focusing on creating a
standard native request object which provides clean access to this
data, and other things that are clumsy at the moment, such as request
headers.
I suggested this a while ago, people didn't like the idea, and I'm not
sure I do any more, either. We'd do much better focusing on creating a
standard native request object which provides clean access to this
data, and other things that are clumsy at the moment, such as request
headers.
Agreed, and it seems that’s what PHP-FIG is working on for user land:
https://github.com/php-fig/fig-standards/blob/master/proposed/http-message.md
-Ben
I suggested this a while ago, people didn't like the idea, and I'm not
sure I do any more, either. We'd do much better focusing on creating a
standard native request object which provides clean access to this
data, and other things that are clumsy at the moment, such as request
headers.Agreed, and it seems that’s what PHP-FIG is working on for user land:
https://github.com/php-fig/fig-standards/blob/master/proposed/http-message.md-Ben
PECL HTTP v2 already has this, actually:
http://devel-m6w6.rhcloud.com/mdref/http/Env/Request#
Also, I think Mike got the naming right there as well, $form is the
accurate description of what it is.
Also, I think Mike got the naming right there as well, $form is the
accurate description of what it is.
You’re right, actually. multipart and url-encoded are usually produced by forms, and other types of request bodies (JSON, plaintext) don’t end up in $_POST.
So $_QUERY and $_FORM, then. That sounds about right.
I suppose $_QUERY is technically incorrect for similar reasons, in that if you have a plain parameter-less query string (e.g. http://example.com/foobar.php?query%20string) it won’t end up in $_GET… but I don’t think that’s widely used, and there are only two formats that come after the question mark. If you really need the raw string, it’s in $_SERVER anyway. So that’s not really a problem.
Andrea Faulds
http://ajf.me/
On 14 Oct 2014, at 14:53, Chris Wright cw@daverandom.com wrote:
Also, I think Mike got the naming right there as well, $form is the
accurate description of what it is.
You’re right, actually. multipart and url-encoded are usually produced by forms, and other types of request bodies (JSON, plaintext) don’t end up in $_POST.
So $_QUERY and $_FORM, then. That sounds about right.
I suppose $_QUERY is technically incorrect for similar reasons, in that if you have a plain parameter-less query string (e.g. http://example.com/foobar.php?query%20string) it won’t end up in $_GET… but I don’t think that’s widely used, and there are only two formats that come after the question mark. If you really need the raw string, it’s in $_SERVER anyway. So that’s not really a problem.
Andrea Faulds
http://ajf.me/
Did I just name a global variable? W00t!
Anyhow, yeah neither one is technically 100% correct, but like Andrea said, the majority of usage will be from forms and query strings with parameters. At any rate, it’s makes more sense semantically in the context of what the var actually contains than $_GET and $_POST ever will.
—
Mike Dugan
mike@mjdugan.com
So $_QUERY and $_FORM, then. That sounds about right.
Did I just name a global variable? W00t!
Anyhow, yeah neither one is technically 100% correct, but like Andrea said, the majority of usage will be from forms and query strings with parameters. At any rate, it’s makes more sense semantically in the context of what the var actually contains than $_GET and $_POST ever will.
+1
I’m cool with $_QUERY and $_FORM. They make much more sense and don’t try to use HTTP verbs, which can confuse the content and semantics of the data they contain. Plus, they would just alias $_GET and $_POST, respectively, right?
-Ben
+1
I’m cool with $_QUERY and $_FORM. They make much more sense and don’t try to use HTTP verbs, which can confuse the content and semantics of the data they contain. Plus, they would just alias $_GET and $_POST, respectively, right?
That’s my idea, yes. They’d be implemented essentially as by-ref assignments internally.
Andrea Faulds
http://ajf.me/
On Oct 14, 2014, at 9:08 AM, Mike Dugan mike@mjdugan.com wrote:
On October 14, 2014 at 10:04:00 AM, Andrea Faulds (ajf@ajf.me) wrote:
So $_QUERY and $_FORM, then. That sounds about right.
Did I just name a global variable? W00t!
Anyhow, yeah neither one is technically 100% correct, but like Andrea said, the majority of usage will be from forms and query strings with parameters. At any rate, it’s makes more sense semantically in the context of what the var actually contains than $_GET and $_POST ever will.
+1
I’m cool with $_QUERY and $_FORM. They make much more sense and don’t try to use HTTP verbs, which can confuse the content and semantics of the data they contain. Plus, they would just alias $_GET and $_POST, respectively, right?
-Ben
That’s my understanding. There’s also some discussion about deriving data from $_POST/$_FORM that is intended for use with other HTTP verbs, I’m still trying to ascertain exactly what was in mind there (Andrea I think you suggested that?)
--
Mike Dugan
mike@mjdugan.com
That’s my understanding. There’s also some discussion about deriving data from $_POST/$_FORM that is intended for use with other HTTP verbs, I’m still trying to ascertain exactly what was in mind there (Andrea I think you suggested that?)
So, we currently parse multipart and url-encoded request bodies for POST and put them in $_POST. I'm just thinking there's no good reason not to do so for any other request method. However, to avoid confusion, we alias it to $_FORM so it's clear it's not only for POST.
Andrea Faulds
http://ajf.me/
So $_QUERY and $_FORM, then. That sounds about right.
Did I just name a global variable? W00t!
Anyhow, yeah neither one is technically 100% correct, but like Andrea
said, the majority of usage will be from forms and query strings with
parameters. At any rate, it’s makes more sense semantically in the context
of what the var actually contains than $_GET and $_POST ever will.+1
I’m cool with $_QUERY and $_FORM. They make much more sense and don’t try to
use HTTP verbs, which can confuse the content and semantics of the data they
contain. Plus, they would just alias $_GET and $_POST, respectively, right?-Ben
That’s my understanding. There’s also some discussion about deriving data
from $_POST/$_FORM that is intended for use with other HTTP verbs, I’m still
trying to ascertain exactly what was in mind there (Andrea I think you
suggested that?)
Well the top of the discussion was suggesting $_PUT and $_DELETE,
which would imply that entity bodies are processed for all HTTP verbs,
the more semantic names for the existing variables came out of this
suggestion (as putting data from other request methods into $_POST
isn't very intuitive).
I'm about +0.5 on both. The name aliases are more semantically
correct, and that's a good thing, but also not entirely necessary.
Processing entity bodies regardless of request method (baring in mind
that this is still content type dependent) is certainly harmless and
may be useful to someone somewhere.
I still think this deflects focus from what would be more useful here:
a native request abstraction object, which provides access to all
elements of the request without a) splitting them up into distinct
global data stores as the current $_GET, $_POST, $_COOKIE does and b)
mixing request data in with server environment data, as $_SERVER
currently does.
Did I just name a global variable? W00t!
I guess Chris meant pecl_http's http\Env\Request::$form property.
--
Regards,
Mike
Agreed, and it seems that’s what PHP-FIG is working on for user land:
https://github.com/php-fig/fig-standards/blob/master/proposed/http-message.md
It is great that such things are standardized in userland form - I'm
strongly in favor of having the core language only the foundation.
Userland code can be managed way simpler than anything in the core
runtime.
PECL HTTP v2 already has this, actually:
http://devel-m6w6.rhcloud.com/mdref/http/Env/Request#Also, I think Mike got the naming right there as well, $form is the
accurate description of what it is.
For me <form method="get"> is a form, too. "get" even is default for
HTML <form>s. This wouldn't show up in $_FORM, though.
johannes
PECL HTTP v2 already has this, actually:
http://devel-m6w6.rhcloud.com/mdref/http/Env/Request#Also, I think Mike got the naming right there as well, $form is the
accurate description of what it is.For me <form method="get"> is a form, too. "get" even is default for
HTML <form>s. This wouldn't show up in $_FORM, though.
As much as I'd like to have as many synapses to always grok those edge
cases, I think this is nitpicking :)
For me the "form" term in case if HTTP request relates to the content
type; GET forms obviously have no content type.
Anyway, IIRC I started a similar discussion after a few glass of Scotch,
and I'm in the "leave it alone" department now, too.
--
Regards,
Mike
That being said, from a purely semantic prospective, both $_GET and
$_POST should be tossed - yes. In reality, you can't do that because
virtually all PHP applications use them. But this is no reason to add
even more global vars with such misleading ... meanings.Let’s add $_REQUEST_BODY and $_QUERY_STRING and make them aliases of $_GET
and $_POST then. Because they’re aliases (by-reference superglobals),
there’s no additional memory consumption, but we finally have saner names.Andrea Faulds
http://ajf.me/
I don't think that would be a good idea, either. They require more typing
and it'd probably be a lot easier for devs to remember which one means GET
and which one means POST.
The fact that $_PUT and $_DELETE aren't necessary because we can use other
approaches to get that data is irrelevant. Having globals for two REST
methods but not the other two is very counter-intuitive from a dev
standpoint. We just recently discussed how PHP tends to have duplicate
ways of doing something in order to make it as easy as possible. I believe
this is one of those times. It would make it a lot easier for devs,
particularly the ones less experienced with REST, to create APIs that
actually use the correct methods without running into the confusion over
why there's a $_GET and a $_POST but not a $_PUT or a $_DELETE.
PHP is supposed to be KISS, right? Well, the current reliance on
php://input for two methods but not the other two invites confusion. That
makes it less-than simple, I believe.
Removing or renaming $_GET and $_POST would also create confusion and
almost certainly cause widespread BC breakage on a pretty massive scale.
And there's really no gain to offset that. So that just leaves us with
either continuing to have two REST methods but not the others or add a
$_PUT and a $_DELETE, even if they just alias to php://input again.
--Kris
--
Mike Dugan
mike@mjdugan.com
On Tue, Oct 14, 2014 at 6:25 AM, Andrea Faulds ajf@ajf.me wrote:
On 14 Oct 2014, at 14:23, Andrey Andreev narf@devilix.net wrote:
That being said, from a purely semantic prospective, both $_GET and
$_POST should be tossed - yes. In reality, you can't do that because
virtually all PHP applications use them. But this is no reason to add
even more global vars with such misleading ... meanings.
Let’s add $_REQUEST_BODY and $_QUERY_STRING and make them aliases of $_GET
and $_POST then. Because they’re aliases (by-reference superglobals),
there’s no additional memory consumption, but we finally have saner names.
--
Andrea Faulds
http://ajf.me/
Removing or renaming $_GET and $_POST would also create confusion and
almost certainly cause widespread BC breakage on a pretty massive scale.
And there's really no gain to offset that. So that just leaves us with
either continuing to have two REST methods but not the others or add a
$_PUT and a $_DELETE, even if they just alias to php://input again.
--Kris
How are these RESTful methods? $_GET accepts query strings, that’s not part of the spec for RESTful GET requests unless I missed something. I also don’t see the worldwide breakage and confusion that would be caused - no one is proposing to drop $_GET and $_POST but rather to create more semantic aliases for them.
—
Mike Dugan
I don't think that would be a good idea, either. They require more typing
and it'd probably be a lot easier for devs to remember which one means GET
and which one means POST.
I’ve already proposed the shorter $_QUERY and $_BODY.
PHP is supposed to be KISS, right? Well, the current reliance on
php://input for two methods but not the other two invites confusion. That
makes it less-than simple, I believe.Removing or renaming $_GET and $_POST would also create confusion and
almost certainly cause widespread BC breakage on a pretty massive scale.
I never said anything about removing $_GET or $_POST. I suggested adding saner aliases.
And there's really no gain to offset that. So that just leaves us with
either continuing to have two REST methods but not the others or add a
$_PUT and a $_DELETE, even if they just alias to php://input again.
Adding $_PUT and $_DELETE is silly. We already have a nonsensical system where $_GET isn’t about GET, but about query string parameters, and $_POST isn’t about POST, but the request body. We should create sane aliases ($_QUERY and $_BODY) and extend $_POST/$_BODY to support request bodies from any method.
This would make things actually simpler, and less confusing, as we stop pretending $_GET is about GET and $_POST is about POST. By using $_QUERY, it’s clear it’s about query string parameters, which any method can have. Similarly, by using $_BODY, it’s clear it’s about request body parameters, which any method can also have.
Sure, all existing code uses $_GET and $_POST and they won’t go away any time soon. But we would have saner names that people writing new code can use.
--
Andrea Faulds
http://ajf.me/
I don't think that would be a good idea, either. They require more
typing
and it'd probably be a lot easier for devs to remember which one means
GET
and which one means POST.I’ve already proposed the shorter $_QUERY and $_BODY.
PHP is supposed to be KISS, right? Well, the current reliance on
php://input for two methods but not the other two invites confusion.
That
makes it less-than simple, I believe.Removing or renaming $_GET and $_POST would also create confusion and
almost certainly cause widespread BC breakage on a pretty massive scale.I never said anything about removing $_GET or $_POST. I suggested adding
saner aliases.
Ok, that was my bad. I misinterpreted.
And there's really no gain to offset that. So that just leaves us with
either continuing to have two REST methods but not the others or add a
$_PUT and a $_DELETE, even if they just alias to php://input again.Adding $_PUT and $_DELETE is silly.
No more silly than $_GET and $_POST are now. But either way, we should try
to make things consistent. This inconsistency only serves to invite
confusion.
We already have a nonsensical system where $_GET isn’t about GET, but
about query string parameters, and $_POST isn’t about POST, but the request
body. We should create sane aliases ($_QUERY and $_BODY) and extend
$_POST/$_BODY to support request bodies from any method.This would make things actually simpler, and less confusing, as we stop
pretending $_GET is about GET and $_POST is about POST. By using $_QUERY,
it’s clear it’s about query string parameters, which any method can have.
Similarly, by using $_BODY, it’s clear it’s about request body parameters,
which any method can also have.
That's a good point. Unfortunately, $_GET and $_POST aren't going away
anytime soon. And in the meantime, we should at least have $_PUT and
$_DELETE alias to $_POST so devs have the option of using them.
Sure, all existing code uses $_GET and $_POST and they won’t go away any
time soon. But we would have saner names that people writing new code can
use.--
Andrea Faulds
http://ajf.me/
Removing or renaming $_GET and $_POST would also create confusion and
almost certainly cause widespread BC breakage on a pretty massive scale.
And there's really no gain to offset that. So that just leaves us with
either continuing to have two REST methods but not the others or add a
$_PUT and a $_DELETE, even if they just alias to php://input again.
There is no standard way to deal with the data in $_PUT and $_DELETE. In fact,
DELETE rarely, if ever, contains a request body. RFC 7231 (section 4.3.5) says
this about payloads within DELETE requests:
A payload within a DELETE request message has no defined semantics;
sending a payload body on a DELETE request might cause some existing
implementations to reject the request.
There’s no standard way to deal with the data in $_POST, either, except that HTML
forms send POST data by default as application/x-www-form-urlencoded, making it
easy for PHP to parse. When building RESTful APIs, that content type is rarely
used in favor of using JSON or XML content types, so even there the $_POST
super global in PHP is useless. You must still use php://input to get the request
body for those POST requests.
While it might make sense to also include $_PUT, $_DELETE, $_PATCH, etc.,
we would also need to build in parsers for a variety of content types, and I don’t
think this is the job of the PHP engine to look at the content type on every request
and attempt to parse it in the way the developer expects it to be parsed. That’s
much better left up to the developer, extensions, and libraries.
Ben
Hey guys,
Does anybody know why we have $_GET and $_POST, but not $_PUT and
$_DELETE? As far as I can tell, the only way to get these out currently is
to parse their values by reading the incoming stream directly.Is there a reason why we don't want this or is it just that nobody has
actually written it yet?$_GET and $_POST are really misnomers. $_GET is query string parameters, $_POST is request body data.
We should just put the request bodies for all requests, not just POST, into $_POST.
Unless I have misunderstood what you are saying ...
as a developer I do want to know the difference between fields in a POST form
and query items on the URL. I will sometimes use them together, eg:
<form action="?context=something" method="post" >
...
and specifically check $_GET['context'] - there might be a $_POST['context'] but
that is treated completely differently.
--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
#include <std_disclaimer.h
Alain Williams wrote (on 14/10/2014):
Hey guys,
Does anybody know why we have $_GET and $_POST, but not $_PUT and
$_DELETE? As far as I can tell, the only way to get these out currently is
to parse their values by reading the incoming stream directly.Is there a reason why we don't want this or is it just that nobody has
actually written it yet?
$_GET and $_POST are really misnomers. $_GET is query string parameters, $_POST is request body data.We should just put the request bodies for all requests, not just POST, into $_POST.
Unless I have misunderstood what you are saying ...as a developer I do want to know the difference between fields in a POST form
and query items on the URL. I will sometimes use them together, eg:<form action="?context=something" method="post" > ...and specifically check $_GET['context'] - there might be a $_POST['context'] but
that is treated completely differently.
You have misunderstood: the request body is the data sent with the HTTP
request, separate from the URL.
I'm sure the previous 50+ messages are bikeshedding on names for new
superglobals, so going to skip them (sorry for anyone who had a valid
point).
So, my 2p, the entity bodies of PUT and DELETE should go in $_POST
(yes, keeping that name) - I see no reason to cater for other methods
outside of the HTTP 1.1 spec. (Yes, looking at you WebDAV, I don't
care about you)
I am happy to do RFC + patch as required for this change.
Hey guys,
Does anybody know why we have $_GET and $_POST, but not $_PUT and
$_DELETE? As far as I can tell, the only way to get these out currently is
to parse their values by reading the incoming stream directly.Is there a reason why we don't want this or is it just that nobody has
actually written it yet?—Kris
This is due to the history of HTML forms sending POST requests with the Content-Type application/x-www-form-urlencoded. That is, all the fields are key/value pairs and may be easily converted into a PHP array. If you use POST with application/json, nothing appears in $_POST, for example.
In practice, we could support $_PUT and $_DELETE for requests that use application/x-www-form-urlencoded, but most folks implementing PUT and DELETE do not use application/x-www-form-urlencoded for these requests.
I would venture to say that most people implementing PUT requests accept application/json and most DELETE requests have no body at all. So, $_PUT and $_DELETE superglobals wouldn’t make sense.
-Ben
Hey guys,
Does anybody know why we have $_GET and $_POST, but not $_PUT and
$_DELETE? As far as I can tell, the only way to get these out currently
is
to parse their values by reading the incoming stream directly.Is there a reason why we don't want this or is it just that nobody has
actually written it yet?—Kris
This is due to the history of HTML forms sending POST requests with the
Content-Type application/x-www-form-urlencoded. That is, all the fields are
key/value pairs and may be easily converted into a PHP array. If you use
POST with application/json, nothing appears in $_POST, for example.In practice, we could support $_PUT and $_DELETE for requests that use
application/x-www-form-urlencoded, but most folks implementing PUT and
DELETE do not use application/x-www-form-urlencoded for these requests.I would venture to say that most people implementing PUT requests accept
application/json and most DELETE requests have no body at all. So, $_PUT
and $_DELETE superglobals wouldn’t make sense.-Ben
I'm not following your logic, Ben. Just because there are a lot of people
out there who don't understand REST, doesn't mean we shouldn't add support
for the other methods. Besides, if anyone wants to develop a truly RESTful
API in PHP-- which a lot of devs are doing every day-- not giving them
$_PUT and $_DELETE is what wouldn't make any sense. I'm writing an API now
and the lack of those two globals has proven to be a real pain in the ass.
The Content-Type argument really isn't an issue since the API developer
should be setting the right headers for the request method, anyway.
I don't see any gain in not making those globals available. All it does is
present both inconvenience and inconsistency for any REST-based project.
--Kris
Kris Craig wrote (on 14/10/2014):
The Content-Type argument really isn't an issue since the API developer
should be setting the right headers for the request method, anyway.
I think the point is that there's currently no mechanism for data from
anything other than application/x-www-form-urlencoded and
multipart/form-data to end up in $_POST anyway.
There was a discussion of that a while back, and I think there's talk on
PHP-FIG about how standardising HTTP interfaces. It comes down to
needing some flexibility over /how/ different content types are parsed,
which makes a function-call based API make more sense than one that
silently slurps the data on every page load.