eallen
Posts: 25
|
| Posted: 03/16/2004, 11:35 AM |
|
I would like to know the advantage/disadvantages etc for using one of these methods over the other. Which is best etc.
Additionally, if I want to change from using the GET method to the POST method or vice versa, what problems might I encounter making that change in my application?
Thanks in advance for you help.
|
 |
 |
stanhecht
Posts: 6
|
| Posted: 03/16/2004, 12:54 PM |
|
The two methods send user data back to the server differently. GET strings all the field names and values into the URL (just look at the URL of your message as an example: you can see that there is a form variable post_id with value 44456). In contrast POST includes the field names and values as part of the HTTP headers sent to the server - not visible to the user. As I recall, POST also allows more characters to be sent as part of the field name/value list.
So POST is generally more flexible and more secure.
|
|
|
|
eallen
Posts: 25
|
| Posted: 03/16/2004, 1:50 PM |
|
>POST also allows more characters to be sent as part of the field name/value list.
This is interesting to know.
What are the implications in CCS if one should change from using GET to POST? Are there pitfalls that one should be aware of?
TIA
|
|
|
|
peterr
Posts: 5971
|
| Posted: 03/16/2004, 5:56 PM |
|
See : http://www.google.com/search?q=get+post+differences
CCS already uses POST where possible. However, many times POST is converted on the server to GET if the page needs to be refreshed because there is no way to POST from the server. For example if some data is validated then the error messages and previously entered data need to be displayed again via some URL, which looks like GET. You may be able to utilize POST exclusively if you do not perform any validation on the server (and none of the fields are required) and you don't expect any errors to be processed and shown by the program.
It is also not possible to use POST with links, unless you use some workarounds like changing a link to an image and creating a hidden form.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
eallen
Posts: 25
|
| Posted: 03/17/2004, 4:39 AM |
|
Peter:
Thanks very much for your very information response.
My interest in POST verses GET was to reduce the 'stuff' that appears in the URL line. Am I correct to assume from your response that a combination of POSTs along with GETs could be used to do this? If so, would there be a rule of thumb that one could use, such as, search parameters could or could not be POSTs, or Passed Parameter...?
TIA
|
|
|
|
lneisius
Posts: 29
|
| Posted: 03/17/2004, 8:24 AM |
|
Is there a way to use get but hide the parameters in the URL?
|
|
|
|
peterr
Posts: 5971
|
| Posted: 03/17/2004, 11:18 PM |
|
Well, I think that the definition of GET is to pass parameters via the URL. Therefore the URL needs to contain all necessary parameters. Some companies encrypt those parameters, so really there are two questions here: not utilizing GET/URL parameters at all, or concealing parameter names and values.
If you ask me how to use "GET" without parameters then my answer is that you can't.
If you asked me how to conceal, scramble or encrypt the parameters then my answer would be that I don't know. In the future versions of CCS we definitely consider adding the ability to encrypt URL parameters. Regardless of this, you should still protect all the records from being viewed by unauthorized users, either via events or SQL parameters (WHERE).
Regarding the Search parameters, we already use POST and you can see this by searching the generated HTML for the word "method". Because of the form validation the search parameters are converted to a URL. The form is first processed/validated, then redirected to the URL containing the search string. I don't see a need to utilize POST here since the users are the ones who entered those parameters anyway. If you execute a search at http://www.google.com/ you will also see a URL string.
Also keep in mind that users cannot bookmark POST, only the URLs.
I believe that in CCS there is a way to execute the Search exclusively via POST if you do not use any validations for your Search form fields. I can get details if this is something you need.
As a rule of thumb I consider GET normal for search forms and links, while POST is usually used for data entry forms (add/edit).
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
eallen
Posts: 25
|
| Posted: 03/18/2004, 1:47 PM |
|
Thank you very much for your comprehensive reply. It has been very complete and informative. This certainly aswers my questions.
Thanks.
|
|
|
|
|
