barophobia wrote:
I only know of one reason to submit a form as POST and that is because
you can submit more data in one shot.
What other reasons are there?
The difference between get and post is not what you *can* do, it's what
you *should* do.
Get, as the name implies, should be used when retrieving a page. The
URL, including the query string, should contain info needed to retrieve
the right page. No significant changes to either session or persistant
data should be made in response to a get request.
Post is used to send data to the server, and should be used when
modifying something. That something could be 'the logged in user' (in
the case of a login form), or 'a blog entry' (in the case of a blog
entry editor form).
Put more simply, get requests should not make significant changes to the
data or state of your website, always use post requests for that.
These implied "rules" have existed since HTTP was invented, and when you
think about it they make a lot of sense. They also get emphasized by the
existance of so-called web accelerators that simply pre-fetch URLs on
the page the user is viewing. If you have simple links (i.e. get
requests) that make changes to your websites data or state, the
accelerator will seriously screw it up.
As an illustration, consider a blog editing app. You log in and view a
list of entries in your blog. Each one has edit and delete links next to
them. These are plain URLs. The delete link uses javascript to ask the
user for confirmation. The accelerator happily goes through these links,
helpfully pre-fetching them for you. This is fine for the edit links,
but the delete links cause the website to delete your entire blog. Oops.
Hope that's made it clear.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
