barophobia wrote:
I only know of one reason to submit a form as POST and that is because you can submit more data in one shot. What other reasons are there?
The difference between get and post is not what you *can* do, it's what you *should* do.
Get, as the name implies, should be used when retrieving a page. The URL, including the query string, should contain info needed to retrieve the right page. No significant changes to either session or persistant data should be made in response to a get request.
Post is used to send data to the server, and should be used when modifying something. That something could be 'the logged in user' (in the case of a login form), or 'a blog entry' (in the case of a blog entry editor form).
Put more simply, get requests should not make significant changes to the data or state of your website, always use post requests for that.
These implied "rules" have existed since HTTP was invented, and when you think about it they make a lot of sense. They also get emphasized by the existance of so-called web accelerators that simply pre-fetch URLs on the page the user is viewing. If you have simple links (i.e. get requests) that make changes to your websites data or state, the accelerator will seriously screw it up.
As an illustration, consider a blog editing app. You log in and view a list of entries in your blog. Each one has edit and delete links next to them. These are plain URLs. The delete link uses javascript to ask the user for confirmation. The accelerator happily goes through these links, helpfully pre-fetching them for you. This is fine for the edit links, but the delete links cause the website to delete your entire blog. Oops.
Hope that's made it clear. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
