[mod_python] RE: [mod_python] argument matching for forms

Ian Clelland ian at veryfresh.com
Sat Apr 6 01:48:54 EST 2002


On Fri, Apr 05, 2002 at 06:30:37AM -0800, Steven Lott wrote:
> Short version: get puts form arguments into the URL
> post puts form arguments into a stream that can be read by
> Apache/Modpython.
...
> GET is the basic URL -> page loop in HTTP.  It is used for
> simple non-form requests.  POST should always be used for form
> data.

I'm sorry, but I have to strongly disagree with you on this. While web 
application designers have a tendency to treat GET and POST as 
interchangeable, they really have very different meanings in HTTP.

Long version:

GET should always be used when you are simply retrieving information 
from a web application. The parameters to the GET query, which do form 
part of the URL, should only be used to refine what information you are 
retrieving.

The important thing to remember about GET requests is that they are 
never supposed to have side effects. All they should do is show you 
something that is already on the server, or can be generated from data 
on the server. GET requests aren't supposed to actually 'do' anything, in 
terms of real-world effects, like changing things on the server, or 
sending an email message. This means that the browser should be free to 
re-send the request as many times as it wants to. It also means that 
the results can be cached (which is a good thing - the results of a GET 
query should stay relatively stable, at least over the short term).

POST requests, on the other hand, are specifically for sending data 
which is expected to modify the state of a web server. POST requests 
are expected to have side effects. Because of this, the browser is
*not allowed* to resubmit the request to the server without the user's 
explicit authorisation.

> Generally, GET is a bad idea - form data needs to be encoded to
> prevent problems creating a URL - there are limitations on size.
 
Yes, there is usually a limit imposed on the length of the URL, 
something like 4000 characters, but that should be enough for any 
request. If you ever go over that, you are probably doing something 
that GET was not designed for, like sending information to be saved on 
the server.

> Always use POST - no encoding, no size limitations.
 
POST queries, by default, use the same encoding as GET, 
application/x-www-form-urlencoded, when they are the results of 
submitting an HTML form. When you read POST form data using req.read(), 
you still have to decode strings like "param1=val1&param2=val2", just 
like in GET.

There is another standard for encoding POST data - multipart/form-data 
- which is useful when you want to send lots of binary data, such as a 
file upload. It is much less efficient for simple form data, though, 
and is more work to parse.


Sorry for the rant; I had to get that out :) I really do believe that
proper use of HTTP can only strengthen web applications, though (this
is the primary reason I am using mod_python now, instead of PHP).

--
Ian
<ian at veryfresh.com>
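
An added example, not part of the original message: a method-aware request handler that keeps side effects out of GET and decodes the query string and a form-encoded POST body with the same routine. The names handle, decode_form and NOTES are hypothetical, and it uses the standard library's urllib.parse rather than the mod_python API.

```python
from urllib.parse import parse_qs

# Constructed in-memory "server state" for this example.
NOTES = {"1": "first note"}

SAFE_METHODS = {"GET", "HEAD"}
FORM_TYPE = "application/x-www-form-urlencoded"


def decode_form(raw):
    """Decode form-urlencoded text, whether it came from a URL or a POST body."""
    # keep_blank_values keeps "a=" instead of dropping it; first value per key wins.
    return {k: v[0] for k, v in parse_qs(raw, keep_blank_values=True).items()}


def handle(method, query="", body="", content_type=""):
    """Return (status, headers, text) for a hypothetical notes resource."""
    if method in SAFE_METHODS:
        # Retrieval only: parameters refine what is returned and nothing is
        # written, so the request can be repeated or its result cached.
        note = NOTES.get(decode_form(query).get("id", ""))
        if note is None:
            return 404, {}, "no such note"
        return 200, {"Cache-Control": "max-age=60"}, note
    if method == "POST":
        # Ignore parameters such as "; charset=UTF-8" when comparing the type.
        if content_type.split(";")[0].strip().lower() != FORM_TYPE:
            return 415, {}, "unsupported media type"
        form = decode_form(body)  # same decoding as the GET query string
        if "id" not in form or "text" not in form:
            return 400, {}, "id and text are required"
        NOTES[form["id"]] = form["text"]  # the only place state changes
        return 200, {"Cache-Control": "no-store"}, "saved"
    return 405, {"Allow": "GET, HEAD, POST"}, "method not allowed"


if __name__ == "__main__":
    print(decode_form("param1=val1&param2=val2"))
    print(handle("GET", query="id=1&text=ignored"))
    print(handle("POST", body="id=1&text=new+text", content_type=FORM_TYPE))
    print(handle("GET", query="id=1"))
```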
