On Wed, 23 Mar 2005, Eric wrote:
Everyone knows that one pass data to a page in an anchor tag by using
the GET Method:
<a href="http://www.aaa.com/randompage.php?name=data">
Well, some of us know there's PATH_INFO in addition to
QUERY_STRING
What I am wondering is if there was a way to do the same thing, but
use the POST Method instead...?
Are you familiar with the design aims of POST requests, vis a vis
non-idempotent requests, result cacheing, and so forth? If not, then
I'd suggest taking a step back and reviewing that topic, for some
general background.
Browsers are increasingly suppying users with protection against
accidentally re-POSTing a request, and it's a pain in the proverbials
when a significant number of browser moves - in situations where the
user feels the requests should have been idempotent - result
unnecessarily in a browser alert popping up to warn them that they
are risking re-submitting their POST request again.
So I'd suggest that you'd do better to fall into line - as far as
possible - with the general plan, rather than spotting some side issue
and letting it dominate the choice of GET versus POST.
My purpose in doing so is to keep the URLs the user sees clean by
not putting anything in them that they do not need to see.
As another poster commented, you've already *put* something in there
that the user doesn't need to see, namely the .php
Surely -they- are providing the input for this request? So it's not
as if there's anything to hide. And maybe they'd like to bookmark the
URL, which isn't possible with a POST request (sure, you can bookmark
the /page/ which has the POST, but they still have to access that
page, feed in the data, and submit it).
This has nothing to do with security concerns as I already know
there would be ways to obtain the data being passed.
right
If the answer is indeed no, then what methods do people use to pass data
when there is a desire to keep the URLs clean? Cookies?
It's a possible mechanism, certainly. But some folks get annoyed by
the hail of cookies that get showered on them by some web sites, and
they finally lose patience and block the things altogether (sure, you
and I know there are more finely-divided ways of controlling them, but
users have the last word anyway). So it's best if you keep some kind
of fallback mechanism that you can use if that happens. There are
certainly some sites which use cookies for maintaining state if they
find that the user allows them, but if they can't, then you see a
random-looking string appearing in the URL instead, for the same
purpose.
(Though I did throw one site into complete confusion when one of its
advertising banners tried to hurl cookies at me, and I turned cookies
off in annoyance - which also disabled the session cookie that the
site itself had previously been using. Their server went into orbit,
redirecting to the same URL over and over until my browser called a
halt to it.)
