Using the Right HTTP Methods for CRUD Operations (Leaf PHP MVC)

When building CRUD functionality in an MVC application, it’s easy to focus only on what works. But in web development, how you do it matters just as much as that it works.

A common question beginners ask is:

“Should I delete records using a GET route or a DELETE route?”

Let’s walk through the reasoning and land on best practices.

GET vs DELETE: They Are Not the Same

Consider these two routes:

app()->get('/members/delete/{id}', 'MembersController@delete');
app()->delete('/members/delete/{id}', 'MembersController@delete');

app()->get('/members/delete/{id}', 'MembersController@delete');
app()->delete('/members/delete/{id}', 'MembersController@delete');

At first glance, both can delete a record. But only one is correct.

❌ Why deleting with GET is a bad idea

The GET method is meant to:

• Retrieve data
• Be safe and read-only
• Never change server state

Using GET to delete data can cause serious issues:

• Accidental deletions from browser refresh, prefetching, or bots
• Security risks, since a simple link or image tag can trigger it
• Violation of HTTP semantics, making your app unpredictable

Example of a dangerous scenario:

<img src="/members/delete/5">

<img src="/members/delete/5">

That alone could delete data without user intent.

✅ Why DELETE is the right choice

The DELETE HTTP method exists specifically for destructive actions.

Benefits:

• Clearly communicates intent
• Not triggered by crawlers or previews
• Aligns with RESTful standards
• Easier to secure (CSRF protection, middleware, etc.)

A better route design looks like this:

app()->delete('/members/{id}', 'MembersController@delete');

app()->delete('/members/{id}', 'MembersController@delete');

Notice how the URL doesn’t even need the word delete — the HTTP verb already explains the action.

“But HTML forms don’t support DELETE…”

True. HTML forms only support GET and POST.

Frameworks like Leaf solve this using method spoofing:

<form method="POST" action="/members/{{ $member->id }}">
  @method('DELETE')
  <button type="submit">Delete</button>
</form>

<form method="POST" action="/members/{{ $member->id }}">
  @method('DELETE')
  <button type="submit">Delete</button>
</form>

Behind the scenes, Leaf interprets this as a DELETE request — clean and safe.

Best-practice summary

Final takeaway

Just because something works doesn’t mean it’s right.

Using proper HTTP verbs:

• Makes your app safer
• Improves readability
• Aligns with industry standards
• Scales better as your project grows

If you’re building CRUD in Leaf PHP (or any MVC framework), always use DELETE for deletions — your future self will thank you.