In alt.php stuie... <ae******@anonymous.to> wrote:
I'm curious if there are any specific guidelines as to when one should use "GET"
or "POST" in forms processing. I've had issues moreso with post than get but
have been able to resolve them relatively quickly.
Anyone?
I myself use POST when there is a lot of data, such as TEXTAREA's or when
there is a security consideration.
Something like:
/member.php?UID=joe&PASS=secret
Is a really bad idea since UID and PASS will show up as a Referer in the
server logs or other scripts on other hosts.
Even: SessionID=1234 can be bad if the session ID happens to contain
login credentials. (In that case, it's advisable to use a cookie that
confirms the contents of session data, or (ick) use HTTP authentication
which has issues if a "Logout" feature is required.)
As others have pointed out, GET is good for queries or things you may
want the user to be able to bookmark or use their [Back] button to
access. (Say you have a POST form, user hits post, user hits [Back] some
browsers may warn that it contained POST data etc..)
I also like GET when performance is the dominant concern, since it's
already been read with the request, there is no need to read additional
data from standard input.
GET is (as far as I know) the ONLY way to get data into a script w/out
<FORM> tags, Ie, as part of a hyperlink. So, it's great for that
purpose. Also, GET is practical if you ever needed to issue a Location:
header to redirect a user to another page.
GET is generally more convenient when practical. POST is generally
better for security or when there is a lot of data.
In PHP use $REQUEST[] to use either.
Jamie
--
http://www.geniegate.com Custom web programming
User Management Solutions Perl / PHP / Java / UNIX