On Fri, 2007-04-06 at 20:44 -0400, Mike Shanley wrote: > Chris, > > When you submit via GET, all the info shows up in the URL, so people can > tamper with it however they like. Also, people can bookmark it as well. Quite true. > With POST, everything stays hidden, mostly untamperable, and Bullshit. It is VERY easy to tamper with post data. > unbookmarkable. POST might sound clearly better, but unless it's > important that people don't change anything, then go with GET. I go with POST almost exclusively when doing forms. I do so because my form engine embeds various information (non-security sensitive information) for the form. It works using get also, but it's ugly having stuff like that in the URL. Additionally, for longer forms, there's a limit to which browsers must adhere to acknowledge. I believe browsers are only required to process 1024 bytes from a URL. Obviously some browsers will process more, but now you're counting on a non-standard feature. For the most part, if there's stuff in the URL parameters, then they came from a link or a redirect. Cheers, Rob. -- .------------------------------------------------------------. | InterJinn Application Framework - http://www.interjinn.com | :------------------------------------------------------------: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `------------------------------------------------------------' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
