HTTP protocol's PUT and DELETE and their usage in PHP

What are these methods (PUT) and (DELETE) for...

There are a lot of words to spend to explain this, and I'm not skilled enough to do it, but as already posted, a quick recap of what the HTTP specification describes.

The protocol basically says this:

  • use GET when you need to access a resource and retrieve data, and you don't have to modify or alter the state of this data.

  • use POST when you need to send some data to the server. Ex. from a form to save these data somewhere.

  • use HEAD when you need to access a resource and retrieve just the Headers from the response, without any resource data.

  • use PUT when you need to replace the state of some data already existing on that system.

  • use DELETE when you need to delete a resource (relative to the URI you've sent) on that system.

  • use OPTIONS when you need to get the communication options from a resource, so for checking allowed methods for that resource. Ex. we use it for CORS request and permissions rules.

  • You can read about the remaining two methods on that document, sorry I've never used it.

Basically a protocol is a set of rules you should use from your application to adhere to it.


... and if it's possible to use them in PHP, how would I go about this.

From your php application you can retrieve which method was used by looking into the super global array $_SERVER and check the value of the field REQUEST_METHOD.

So from your php application you're now able to recognize if this is a DELETE or a PUT request, ex. $_SERVER['REQUEST_METHOD'] === 'DELETE' or $_SERVER['REQUEST_METHOD'] === 'PUT'.

* Please be also aware that some applications dealing with browsers that don't support PUT or DELETE methods use the following trick, a hidden field from the html form with the verb specified in its value attribute, ex.:

<input name="_method" type="hidden" value="delete" />

Follow an example with a small description on a possible way to handle those 2 http requests

When you (your browser, your client) request a resource to an HTTP server you must use one of the method that the protocol (HTTP) accepts. So your request needs to pass:

  • A METHOD
  • An Uri of the resource
  • Request Headers, like User-Agent, Host, Content-Length, etc
  • (Optional body of the request)

Now, while you would be able to get data from POST and GET requests with the respective globals ($_GET, $_POST), in case of PUT and DELETE requests PHP doesn't provide these fast access globals; But you can use the value of $_SERVER['REQUEST_METHOD'] to check the method in the request and handle your logic consequently.

So a PUT request would look like:

PUT /something/index.php

(body) maybe=aparameter

and you can access those data in PHP by reading the php://input stream, ex. with something like:

if ($_SERVER['REQUEST_METHOD'] === 'PUT') { 
    $myEntireBody = file_get_contents('php://input'); //Be aware that the stream can only be read once
}

and a DELETE request would look like:

DELETE /something/index.php?maybe=aparameter

and again you can build your logic after have checked the method:

if ($_SERVER['REQUEST_METHOD'] === 'DELETE') { 
    // do something
}

Please pay attention that a DELETE request has no Body and pay very attention to Response Status Code too (ex. if you received a PUT request and you've updated that resource without error you should return a 204 status -No content-).


Way to use PUT data from PHP:

$method = $_SERVER['REQUEST_METHOD'];
if ('PUT' === $method) {
    parse_str(file_get_contents('php://input'), $_PUT);
    var_dump($_PUT); //$_PUT contains put fields 
}

PHP's $_GET and $_POST are poorly named. $_GET is used to access the values of query string parameters, and $_POST lets you access the request body.

Using query string parameters is not limited to GET requests, and other kinds of requests than just POST can come with a request body.

If you want to find out the verb used to request the page, use $_SERVER['REQUEST_METHOD'].