While checking
$_SERVER['REQUEST_METHOD']
seems the obvious choice, since some of the people are advocating safe superglobals alternatives (Is using superglobals directly good or bad in PHP? and similar questions), one may instead use automatic sanitizing
filter_input( \INPUT_SERVER, 'REQUEST_METHOD', \FILTER_SANITIZE_SPECIAL_CHARS )
(you might of course use other filter, eg. FILTER_SANITIZE_STRING - see here for a full list).
Obviously, in the regular (GET/POST) case there ain't anything to sanitize, but a good habit is still a good habit IMO.
http://php.net/manual/en/reserved.variables.server.php
http://php.net/manual/en/function.filter-input.php
