On Fri, April 6, 2007 7:35 pm, barophobia wrote: > I only know of one reason to submit a form as POST and that is because > you can submit more data in one shot. > > What other reasons are there? #1 If it "changes" anything [*] on the server it MUST be POST and not GET. If you don't grak this, put it this way: Assume that web-crawler spiders like Google WILL submit FORMs that use GET, and if you don't like that, don't use GET. #2 GET can be more limited in the amount of data it can send. POST can also be limited. Exact limits are server/browser/version specific, and HTTP specs also placed minimums on HTTP-compliant software, which also changed over time. #3 POST bookmarked form results are generally not usefully (or broken-ly) passed around from visitor to visitor. This can be "good" or "bad" depending on your needs. #4 Some consider a POST URL less ugly than a long GET URL. YMMV #5 Really really really dumb Bad Guys haven't figured out how trivial it is to send POST data to mess with your site, but have figured out how super-duper trivial it is to muck with the GET URL to mess with your site. This makes POST 0.0000000001% "more secure" than GET, sort of... It weeds out the dumbest of the dumb Bad Guys. * "anything" does not include log files, stats, tracking etc, but rather the data behind the server. A more formal definition involving the word "immutable" (or was it some other high-falutin' word?) and fifty pages of legalese is available in the RFCs if you are bored enough to read them... -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
