On Saturday 07 April 2007 05:56, Paul Novitski wrote: > >barophobia wrote: > >>I only know of one reason to submit a form as POST and that is because > >>you can submit more data in one shot. > > At 4/6/2007 05:44 PM, Mike Shanley wrote: > >When you submit via GET, all the info shows up in the URL, so people > >can tamper with it however they like. Also, people can bookmark it as > > well. > > In fact that very tamperability is one of the advantages of GET. For > certain types of service it can be a boon to the user to be able to > tweak the querystring. It enables even mildly technically-oriented > people to roll their own queries for search engines, map engines, > online resource guides, catalogs, etc. > > When I deliberately expose the communication channel between a form > and a lookup engine like that, I try to choose querystring parameter > names that are simple and easy to remember such as isbn, author, and title. > > Obviously you have to make sure someone can't hack your system > through the querystring, but you should already be doing this anyway > whether you're using POST or GET. > GET leaves someone with an option to easily make a frontend... take ktorrent feks. This little bugger contains some khtml code and a search box, and withing this search box you can add torrent tracker sites. Imho easily downloadable and consistent when it comes to searching (well it shows the complete site inside then browserwindow, but you don't go looking for the search form box.) > Regards, > > Paul > __________________________ > > Paul Novitski > Juniper Webcraft Ltd. > http://juniperwebcraft.com -- --- Børge http://www.arivene.net --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php