On 4/7/07, Paul Novitski <paul@xxxxxxxxxxxxxxxxxxx> wrote:
>barophobia wrote: >>I only know of one reason to submit a form as POST and that is because >>you can submit more data in one shot. At 4/6/2007 05:44 PM, Mike Shanley wrote: >When you submit via GET, all the info shows up in the URL, so people >can tamper with it however they like. Also, people can bookmark it as well. In fact that very tamperability is one of the advantages of GET. For certain types of service it can be a boon to the user to be able to tweak the querystring. It enables even mildly technically-oriented people to roll their own queries for search engines, map engines, online resource guides, catalogs, etc. When I deliberately expose the communication channel between a form and a lookup engine like that, I try to choose querystring parameter names that are simple and easy to remember such as isbn, author, and title. Obviously you have to make sure someone can't hack your system through the querystring, but you should already be doing this anyway whether you're using POST or GET. Regards, Paul
Good point, It's nice if search machine's are using GET, as you could make a script to search in their search machine by just going to an url like http://www.google.com/search?q=<search>, instead of making a form. Tijnema
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
