I am trying to delete a file on my server using DELETE method in my html form.
I have a file ,and url to that file is :
http://example.com/file2.php
I am using the following code for deleting the file :
<form action="file2.php"method="DELETE">
<input type="submit"value="delete file">
</form>
When I press "delete file" button I get redirected to "file2.php" but it is not deleting the file.
Server is receving the request header in GET method :
GET /file2.php HTTP/1.1
instead of DELETE :
DELETE /file2.php HTTP/1.1
Does someone know why the delete method is not working? or how can I delete my file using DELETE method?
Most browser do not support DELETE as method parameter for <form ...>. Indeed it's not even part of the HTML specification:
The method and formmethod content attributes are enumerated attributes with the following keywords and states:
The keyword get, mapping to the state GET, indicating the HTTP GET method.
The keyword post, mapping to the state POST, indicating the HTTP POST method.
And here is some kind of explanation:
It seems that we currently do not understand how PUT and DELETE will be useful for HTML forms.
For DELETE, it's indeed easy to create a useful request. However, server implementations usually respond with 200 and a minimal response body ("deleted") or 204 (no content). So it's not clear how this can be used in a web application.
For PUT, it seems there's no real use case as long as the web page doesn't have full control over the payload, and also can set the content type.
Please consider removing this feature until there's a clearer understanding about what it's good for.
Frameworks like laravel provide method spoofing:
<input type='_method' value='DELETE' />
This will override the method of the request and will - for example - call a destroy function:
Route::delete('/items/{id}', 'ItemController@destroy');
If you don't use a framework, you can try to mimic this behaviour:
if($_SERVER['REQUEST_METHOD'] === 'DELETE' || (isset($_REQUEST['_method'] && $_REQUEST['_method'] === 'delete') {
...
}
Mozilla only specifies only GET and POST
I have 2 recommendations:
Use a POST to send data to your PHP code and handle it from there
Don't actually delete stuff that simple. Create some function that will just say it is deleted till after you are really sure it has to be gone