[mod_python] query_vars and form_vars

Gregory (Grisha) Trubetskoy grisha at modpython.org
Tue Jul 6 11:43:04 EDT 2004


This behaviour is part of mod_python.util.FieldStorage class, which is a 
little convenience tool. Protocol compliance is of little or no relevance 
here, since you're free not to use it and process input data using your 
own code or, for example using Python standard library FieldStorage.

Also, if I remember it correctly, most relevant RFC's tend to focus on the 
behaviour of the browser (e.g. the user should be warned before a POST if 
you hit reload, but not for GET), and there is nothing there about how the 
form variables should appear to an application.

As to why it processes GET and POST together and GET wins - that's a 
matter of personal preference. I find it convenient to be able to override 
variables in a form by appending them to the URL, and I think most 
user-friendly applications should behave this way, because IMHO ability to 
tinker with the URL is a good thing.

Some people believe that this should not be allowed because it enables a 
user to alter hidden POST variables, which would otherwise be difficult, 
but this seems to me like a silly argument. There are much more certain 
ways of ensuring that hidden variables have not been modified, e.g. an MD5 
or SHA signature passed along.

Grisha


On Mon, 5 Jul 2004, Jorey Bump wrote:

> mod_python user wrote:
>
>> Hi all,
>> 
>> I'm new to python and consequently mod_python but have discovered the 
>> servlet" package, and actually have a small templated webapp up and 
>> running.  Extremely powerful language.
>> 
>> I would like to be able to retrieve both _form_ and _query_ variables, 
>> even if they share the same name. e.g.
>> 
>>   <form method='post' action='/?name=NAME_ONE'>
>>     <input type='hidden' name='name' value='NAME_TWO' />
>>     <input type='submit' />
>>   </form>
>> 
>> It seems that when both a GET and POST variable share the same name that 
>> the GET (query) variable always wins.
>> 
>> Does anybody know how this might be accomplished?
>
> I don't know about servlets, but mod_publisher returns a list:
>
> ['NAME_ONE', 'NAME_TWO']
>
> I don't know what causes this behaviour. Since only a POST request is sent, 
> not a GET, I would expect any arguments in the URL to be ignored and only 
> variables in the message body to be recognized.
>
> I'd find out if this follows some kind of standard before relying on the 
> order the values appear in a list. It could be arbitrary or undocumented (and 
> therefore unpredictable).
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python
>


More information about the Mod_python mailing list