Question regarding GET and POST

First off, I'm a newbie to PHP and server side scripting.

I'm curious if there are any specific guidelines as to when one should use "GET"
or "POST" in forms processing. I've had issues moreso with post than get but
have been able to resolve them relatively quickly.

Anyone?
-----------
"The day microsoft makes something that doesn't suck
is the day they start selling vacuum cleaners."

Anon. 1999
Jul 17 '05 #1
Rob

"stuie..." <ae******@anonymous.to> wrote in message
news:i1********************************@4ax.com...
> First off, I'm a newbie to PHP and server side scripting.
>
> I'm curious if there are any specific guidelines as to when one should use "GET" or "POST" in forms processing. I've had issues moreso with post than get but have been able to resolve them relatively quickly.
>
> Anyone?
> -----------
> "The day microsoft makes something that doesn't suck
> is the day they start selling vacuum cleaners."
>
> Anon. 1999

Hi stuie...,

Generally speaking, when using GET users will see the query string in the
browser. It is also possible to change these in the browser address bar. For
instance somebody can type http://www.domain.com/delete.php?id=1 and
something where id has a value of 1 will be deleted. So the GET is less
secure.
The size of the query string in the GET method is limited (I believe it is
limited to 2000 chars, not sure about that though). POST on the other hand
has no limits besides the one set by the providers.

Look for a more complete discussion about when to use GET or POST on

http://www.w3.org/2001/tag/doc/whenToUseGet.html

HTH
Rob
Jul 17 '05 #2
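
Added example, not part of Rob's post or the thread: one way to keep a delete action like the `delete.php?id=1` case above from firing on a typed or followed URL, by accepting POST only and making the ownership decision on the server. `handle_delete()`, `$records` and the sample requests are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: record id => owning user.
$records = [1 => 'alice', 2 => 'bob'];

/**
 * Hypothetical delete handler. The request parts are passed in so the file
 * runs from the CLI; in a page they would be $_SERVER['REQUEST_METHOD'],
 * $_POST and the logged-in user from the session.
 * Returns [HTTP status, message].
 */
function handle_delete(string $method, array $post, string $user, array &$records): array
{
    // A state-changing action must not be reachable by typing or following a URL.
    if ($method !== 'POST') {
        return [405, 'Method Not Allowed (Allow: POST)'];
    }
    // Read the id from the body only; $_REQUEST would also accept ?id=1.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, 'Bad id'];
    }
    // POST fields can be edited as easily as a query string, so the
    // authorization decision is made here, on the server.
    if (!isset($records[$id]) || $records[$id] !== $user) {
        return [403, 'Forbidden'];
    }
    unset($records[$id]);
    return [200, "Deleted record $id"];
}

// Constructed requests: [method, POST body, logged-in user].
$requests = [
    ['GET',  [],            'alice'], // delete.php?id=1 typed into the address bar
    ['POST', ['id' => '2'], 'alice'], // someone else's record
    ['POST', ['id' => 'x'], 'alice'], // not an integer
    ['POST', ['id' => '1'], 'alice'], // own record
];
foreach ($requests as [$method, $post, $user]) {
    [$status, $msg] = handle_delete($method, $post, $user, $records);
    echo "$method ", json_encode($post), " as $user -> $status $msg\n";
}
```
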
F'ups to c.l.p.

Rob wrote:

[ ... ]
> The size of the query string in the GET method is limited (I believe it is
> limited to 2000 chars, not sure about that though )

There isn't any limit in theory. Any limit on the length of an HTTP
URI is imposed by the systems involved. RFC2616, sec. 3.2.1, says:

| The HTTP protocol does not place any a priori limit on the length of
| a URI. Servers MUST be able to handle the URI of any resource they
| serve, and SHOULD be able to handle URIs of unbounded length if they
| provide GET-based forms that could generate such URIs.

But it then goes on to warn:

| Servers ought to be cautious about depending on URI lengths
| above 255 bytes, because some older client or proxy
| implementations might not properly support these lengths.

That was in 1998 though; I believe that to be insignificant now.

RFC2616, "Hypertext Transfer Protocol -- HTTP/1.1",
http://www.ietf.org/rfc/rfc2616.txt

[ ... ]
> http://www.w3.org/2001/tag/doc/whenToUseGet.html


Bookmarked. Thanks, Rob. I hadn't read that before.

--
Jock
Jul 17 '05 #3
John Dunlop scribbled something along the lines of:
> F'ups to c.l.p.
>
> Rob wrote:
>
> [ ... ]
>
> > The size of the query string in the GET method is limited (I believe it is
> > limited to 2000 chars, not sure about that though )
>
> There isn't any limit in theory. Any limit on the length of an HTTP
> URI is imposed by the systems involved. RFC2616, sec. 3.2.1, says:
>
> | The HTTP protocol does not place any a priori limit on the length of
> | a URI. Servers MUST be able to handle the URI of any resource they
> | serve, and SHOULD be able to handle URIs of unbounded length if they
> | provide GET-based forms that could generate such URIs.
>
> But it then goes on to warn:
>
> | Servers ought to be cautious about depending on URI lengths
> | above 255 bytes, because some older client or proxy
> | implementations might not properly support these lengths.
>
> That was in 1998 though; I believe that to be insignificant now.


May be insignificant now, but serving content with a long string of CGI
variables attached to the script name should be avoided wherever
possible. If you submit form data which is to be processed only once
(e.g. membership registration), use POST; if you only submit a short
string or so (e.g. search query) or want the result page to be
bookmarkable or linkable, use GET.
If you want a GET URI that is bookmarkable but need to set myriads of
variables, better dive into techniques like those involving mod_rewrite
which will allow you to use virtual paths to transmit data, eg.
http://www.example.com/myscriptname/...wn/chimp/gwb01
instead of
http://www.example.com/myscriptname....chimp&id=gwb01

Of course you should avoid such cases in the first place by only
requiring sensible data to be transmitted and the rest to be taken from
a database or so.
--
Alan Plum, WAD/WD, Mushroom Cloud Productions
http://www.mushroom-cloud.com/
Jul 17 '05 #4
"stuie..." <ae******@anonymous.to> wrote in message
news:i1********************************@4ax.com...
> First off, I'm a newbie to PHP and server side scripting.
>
> I'm curious if there are any specific guidelines as to when one should use "GET" or "POST" in forms processing. I've had issues moreso with post than get but have been able to resolve them relatively quickly.


A rough guideline that I follow is to use POST when the user is submitting
some data for processing/storage, and a GET when he is performing a query.
The reason for doing the latter is bookmarkability. A POST response isn't
bookmarkable/linkable.
Jul 17 '05 #5
In alt.php stuie... <ae******@anonymous.to> wrote:
> I'm curious if there are any specific guidelines as to when one should use "GET"
> or "POST" in forms processing. I've had issues moreso with post than get but
> have been able to resolve them relatively quickly.
>
> Anyone?


I myself use POST when there is a lot of data, such as TEXTAREA's or when
there is a security consideration.

Something like:

/member.php?UID=joe&PASS=secret

Is a really bad idea since UID and PASS will show up as a Referer in the
server logs or other scripts on other hosts.

Even: SessionID=1234 can be bad if the session ID happens to contain
login credentials. (In that case, it's advisable to use a cookie that
confirms the contents of session data, or (ick) use HTTP authentication
which has issues if a "Logout" feature is required.)

As others have pointed out, GET is good for queries or things you may
want the user to be able to bookmark or use their [Back] button to
access. (Say you have a POST form, user hits post, user hits [Back] some
browsers may warn that it contained POST data etc..)

I also like GET when performance is the dominant concern, since it's
already been read with the request, there is no need to read additional
data from standard input.

GET is (as far as I know) the ONLY way to get data into a script w/out
<FORM> tags, i.e., as part of a hyperlink. So, it's great for that
purpose. Also, GET is practical if you ever needed to issue a Location:
header to redirect a user to another page.

GET is generally more convenient when practical. POST is generally
better for security or when there is a lot of data.

In PHP use $_REQUEST[] to use either.

Jamie

--
http://www.geniegate.com Custom web programming
User Management Solutions Perl / PHP / Java / UNIX

Jul 17 '05 #6
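
Added example, not part of the thread: a small scanner for the leak Jamie describes, flagging access-log lines where a secret-looking parameter appears in the request URL or in the Referer. The log lines are constructed, and the `SENSITIVE` name list and the Apache combined log format are assumptions.

```php
<?php
declare(strict_types=1);

// Parameter names treated as secrets (assumption; extend for your application).
const SENSITIVE = ['pass', 'password', 'sessionid'];

// Constructed access-log lines in Apache combined format.
$log = <<<'LOG'
192.0.2.10 - - [17/Jul/2005:10:00:01 +0000] "GET /member.php?UID=joe&PASS=secret HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Jul/2005:10:00:09 +0000] "GET /banner.gif HTTP/1.1" 200 90 "http://www.example.com/member.php?UID=joe&PASS=secret" "Mozilla/5.0"
192.0.2.10 - - [17/Jul/2005:10:01:00 +0000] "POST /login.php HTTP/1.1" 302 0 "http://www.example.com/login.php" "Mozilla/5.0"
192.0.2.11 - - [17/Jul/2005:10:02:00 +0000] "GET /search.php?q=vacuum&SessionID=1234 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
LOG;

/** Return the sensitive parameter names found in a URL's query string. */
function sensitive_params(string $url): array
{
    $query = parse_url($url, PHP_URL_QUERY);
    if (!is_string($query)) {
        return []; // no query string ("-", "/banner.gif") or unparsable URL
    }
    parse_str($query, $params);
    $hits = [];
    foreach (array_keys($params) as $name) {
        if (in_array(strtolower((string) $name), SENSITIVE, true)) {
            $hits[] = (string) $name;
        }
    }
    return $hits;
}

/** Scan combined-format lines; report where a secret appears, never its value. */
function scan_log(string $log): array
{
    $findings = [];
    $re = '/^\S+ \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} \S+ "([^"]*)"/';
    foreach (explode("\n", trim($log)) as $n => $line) {
        if (!preg_match($re, $line, $m)) { continue; }
        foreach (['request' => $m[2], 'referer' => $m[3]] as $field => $url) {
            foreach (sensitive_params($url) as $name) {
                $findings[] = sprintf('line %d: %s carries "%s"', $n + 1, $field, $name);
            }
        }
    }
    return $findings;
}

echo implode("\n", scan_log($log)), "\n";
```

The POST login line produces no finding because its credentials travel in the request body, which the access log does not record.
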
In message <MP************************@News.Individual.NET> , John Dunlop
<us*********@john.dunlop.name> writes
> F'ups to c.l.p.
>
> Rob wrote:
>
> [ ... ]
> > The size of the query string in the GET method is limited (I believe it is
> > limited to 2000 chars, not sure about that though )
> There isn't any limit in theory. Any limit on the length of an HTTP
> URI is imposed by the systems involved. RFC2616, sec. 3.2.1, says:
>
> | The HTTP protocol does not place any a priori limit on the length of
> | a URI. Servers MUST be able to handle the URI of any resource they
> | serve, and SHOULD be able to handle URIs of unbounded length if they
> | provide GET-based forms that could generate such URIs.
>
> But it then goes on to warn:
>
> | Servers ought to be cautious about depending on URI lengths
> | above 255 bytes, because some older client or proxy
> | implementations might not properly support these lengths.
>
> That was in 1998 though; I believe that to be insignificant now.
>
> RFC2616, "Hypertext Transfer Protocol -- HTTP/1.1",
> http://www.ietf.org/rfc/rfc2616.txt

In a more web-aware format at:

http://www.w3.org/Protocols/rfc2616/rfc2616.html

> [ ... ]
> > http://www.w3.org/2001/tag/doc/whenToUseGet.html
>
> Bookmarked. Thanks, Rob. I hadn't read that before.


--
Five Cats
Email to: cats_spam at uk2 dot net
Jul 17 '05 #7
