Returns the HTTP request method used to access the current page.
Signature
sqlpage.request_method() -> TEXT
Parameters
This function takes no parameters.
Return Value
The HTTP method as uppercase text (e.g., 'GET', 'POST', 'PUT', 'DELETE')
Description
The request_method() function returns the HTTP request method (also known as HTTP verb) used to access the current page.
HTTP Methods
- GET - Retrieve information from the server (default for browser links)
- POST - Submit data to the server (default for form submissions)
- PUT - Replace a resource on the server
- DELETE - Remove a resource
- PATCH - Partially modify a resource
- HEAD - Get headers without body
- OPTIONS - Get supported methods
Examples
Enforce POST for Mutations
Prevent data changes unless the request uses POST:
SELECT 'redirect' as component,
'/error.sql?msg=method_not_allowed' as link
WHERE sqlpage.request_method() != 'POST';
-- Safe to insert/update/delete here
INSERT INTO users (name, email) VALUES (:name, :email);
REST API Endpoint
Implement different behavior for different HTTP methods:
SET method = sqlpage.request_method();
-- GET: List all items
SELECT 'json' as component
WHERE $method = 'GET';
SELECT id, name, description
FROM items
WHERE $method = 'GET';
-- POST: Create new item
INSERT INTO items (name, description)
SELECT :name, :description
WHERE $method = 'POST'
RETURNING
'json' as component,
id,
name;
-- PUT: Update item
UPDATE items
SET name = :name, description = :description
WHERE id = :id AND $method = 'PUT'
RETURNING
'json' as component,
'updated' as status;
-- DELETE: Remove item
DELETE FROM items
WHERE id = :id AND $method = 'DELETE'
RETURNING
'json' as component,
'deleted' as status;
Show Different UI for GET vs POST
Display a form on GET, process on POST:
-- Show form on GET
SELECT 'form' as component,
'product.sql' as action,
'Create Product' as title
WHERE sqlpage.request_method() = 'GET';
SELECT 'name' as name, 'text' as type, 'Product Name' as label
WHERE sqlpage.request_method() = 'GET';
SELECT 'price' as name, 'number' as type, 'Price' as label
WHERE sqlpage.request_method() = 'GET';
-- Process form on POST
INSERT INTO products (name, price)
SELECT :name, :price
WHERE sqlpage.request_method() = 'POST'
RETURNING
'redirect' as component,
'/products.sql' as link;
Idempotent Operations
Ensure only GET and HEAD are used for read-only operations:
SELECT 'redirect' as component,
'/error.sql?msg=read_only' as link
WHERE sqlpage.request_method() NOT IN ('GET', 'HEAD');
SELECT 'table' as component;
SELECT * FROM products;
CSRF Protection Pattern
Combine with token validation for POST requests:
-- Only validate CSRF token on POST
SET expected_token = (SELECT csrf_token FROM sessions WHERE session_id = sqlpage.cookie('session'));
SET actual_token = :csrf_token;
SELECT 'redirect' as component,
'/error.sql?msg=csrf' as link
WHERE sqlpage.request_method() = 'POST'
AND ($actual_token IS NULL OR $actual_token != $expected_token);
-- Safe to process form
INSERT INTO comments (content) VALUES (:content);
Method-Based Logging
Log different information based on request method:
SET method = sqlpage.request_method();
INSERT INTO access_log (method, path, is_mutation)
VALUES (
$method,
sqlpage.path(),
$method IN ('POST', 'PUT', 'DELETE', 'PATCH')
);
Common Patterns
Read-Only GET
WHERE sqlpage.request_method() = 'GET'
Mutation Methods
WHERE sqlpage.request_method() IN ('POST', 'PUT', 'DELETE', 'PATCH')
Require Specific Method
SELECT 'redirect' as component, '/error.sql' as link
WHERE sqlpage.request_method() != 'POST';
HTTP Method Semantics
| Method | Safe | Idempotent | Common Use |
|---|
| GET | ✓ | ✓ | Retrieve data |
| POST | ✗ | ✗ | Create resource |
| PUT | ✗ | ✓ | Replace resource |
| DELETE | ✗ | ✓ | Remove resource |
| PATCH | ✗ | ✗ | Update resource |
| HEAD | ✓ | ✓ | Get headers only |
| OPTIONS | ✓ | ✓ | Check capabilities |
- Safe: Does not modify server state
- Idempotent: Multiple identical requests have the same effect as one
See Also