What are the pitfalls of relying on $_POST["submit"] to trigger a specific action in PHP?

Relying on $_POST["submit"] to trigger a specific action in PHP can be unreliable because it depends on the value of a form element with the name "submit" being sent in the POST request. This can be easily manipulated or not present at all, leading to unexpected behavior. To solve this, it's better to use a hidden input field with a specific name to determine the action to be taken.

&lt;form method=&quot;post&quot;&gt;
    &lt;input type=&quot;hidden&quot; name=&quot;action&quot; value=&quot;specific_action&quot;&gt;
    &lt;button type=&quot;submit&quot;&gt;Submit&lt;/button&gt;
&lt;/form&gt;

&lt;?php
if ($_SERVER[&quot;REQUEST_METHOD&quot;] == &quot;POST&quot;) {
    if ($_POST[&quot;action&quot;] == &quot;specific_action&quot;) {
        // Perform the specific action here
    }
}
?&gt;

Keywords

$_POST submit action trigger pitfalls

What are the pitfalls of relying on $_POST["submit"] to trigger a specific action in PHP?

Keywords

Related Questions