barophobia wrote:
I only know of one reason to submit a form as POST and that is because
you can submit more data in one shot.
At 4/6/2007 05:44 PM, Mike Shanley wrote:
When you submit via GET, all the info shows up in the URL, so people
can tamper with it however they like. Also, people can bookmark it as well.
In fact that very tamperability is one of the advantages of GET. For
certain types of service it can be a boon to the user to be able to
tweak the querystring. It enables even mildly technically-oriented
people to roll their own queries for search engines, map engines,
online resource guides, catalogs, etc.
When I deliberately expose the communication channel between a form
and a lookup engine like that, I try to choose querystring parameter
names that are simple and easy to remember such as isbn, author, and title.
Obviously you have to make sure someone can't hack your system
through the querystring, but you should already be doing this anyway
whether you're using POST or GET.
Regards,
Paul
__________________________
Paul Novitski
Juniper Webcraft Ltd.
http://juniperwebcraft.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
