|
Ian Clelland
ian at veryfresh.com
Sat Apr 6 01:48:54 EST 2002
On Fri, Apr 05, 2002 at 06:30:37AM -0800, Steven Lott wrote: > Short version: get puts form arguments into the URL > post puts form arguments into a stream that can be read by > Apache/Modpython. ... > GET is the basic URL -> page loop in HTTP. It is used for > simple non-form requests. POST should always be used for form > data. I'm sorry, but I have to strongly disagree with you on this. While web application designers have a tendency to treat GET and POST as interchangeable, they really have very different meanings in HTTP. Long version: GET should always be used when you are simply retrieving information from a web application. The parameters to the GET query, which do form part of the URL, should only be used to refine what information you are retrieving. The important thing to remember about GET requests is that they are never supposed to have side effects. All it should do is show you something that is already on the server, or can be generated from data on the erver. GET request aren't supposed to actually 'do' anything, in terms of real-world effects, like changing things on the server, or sending an email message. This means that the browser should be free to re-send the request as many times as it wants to. It also means that the results can be cached (which is a good thing - the results of a GET query should stay relatively stable, at least over the short term) POST requests, on the other hand, are specifically for sending data which is expected to modify the state of a web server. POST requests are expected to have side effects. Because of this, the browser is *not allowed* to resubmit the request to the server without the user's explicit authorisation. > Generally, GET is a bad idea - form data needs to be encoded to > prevent problems creating a URL - there are limitations on size. Yes, there is usually a limit imposed on the length of the URL, something like 4000 characters, but that should be enough for any request. If you ever go over that, you are probably doing something that GET was not designed for, like sending information to be saved on the server. > Always use POST - no encoding, no size limitations. POST queries, by default, use the same encoding as GET, application/x-www-form-urlencoded, when they are the results of submitting an HTML form. When you read POST form data using req.read(), you still have to decode strings like "param1=val1¶m2=val2", just like in GET. There is another standard for encoding POST data - multipart/form-data - which is useful when you want to send lots of binary data, such as a file upload. It is much less efficient for simple form data, though, and is more work to parse. Sorry for the rant; I had to get that out :) I really do believe that proper use of HTTP can only strengthen web applications, though (this is the primary reason I am using mod_python now, instead of PHP). -- Ian <ian at veryfresh.com>
|