Why shouldn't I use the POST method here?

Time: 2023-01-06 05:05:50

I have a classifieds website.


In the main page (index) I have several form fields which the user may or may not fill in, in order to specify a detailed search of classifieds.


Ex:


   Category: Cars
   Price from: 3000
   Price to:   10000
   Color: Red
   Area: California

The forms' action is set to a php page:


   <form action='query_sql.php' method='post'>

In query_sql.php I fetch the variables like this:


   $category=$_POST['category'];
   etc etc...

Then query MySql:


   $query="SELECT........WHERE category='$category' etc etc....
   $results = mysql_query($query);

Then I simply display the results of the query to the user by creating a table which is filled in dynamically depending on the results set.


However, according to an answer by Col. Shrapnel in my previous Q I shouldn't use POST here: How to hide URL from users when submitting this form?


The reason I use post is simply to hide the "one-page-word-document" long URL in the browser's address bar.

I am very confused, is it okay to use POST or not?


It is working fine both when I use GET or POST now... And it is already on a production server...


Btw, in the linked question, I wasn't referring to making the URL invisible (or hiding it); I just wanted it to look better (which I have accomplished with mod_rewrite).

UPDATE:


If I use GET, then how should I make the url better looking (beautiful)? Check this previous Q out:


How to make this very long url appear short?


8 solutions

#1


12  

  • Search engines won't index the results
  • People can't bookmark searches
  • People can't send a link to their searches to their friends
  • People can't link to results page from their own webpages
  • Some people can't go Back to the page without receiving scary "Do you want to resubmit the form?"

If I use GET, then how should I make the url better looking (beautiful)?


You shouldn't. It doesn't matter. The number of users who would notice the URL the form submitted to is tiny, and the number who care is even smaller.


#2


1  

You probably want to perform some vetting on the user inputs to mitigate against SQL injection attacks, as it looks like the input is directly manipulating the SQL statement.
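An added example (not the asker's code, and not part of the answer above) of the search from the question run over GET-style input with bound parameters, so the optional form fields never become part of the SQL text. It uses PDO prepared statements instead of the `mysql_*` functions in the question, which were removed in PHP 7. The table name `classifieds`, its columns, the field names `price_from`/`price_to`, and the in-memory SQLite database (requires the `pdo_sqlite` extension) are assumptions made for illustration.

```php
<?php
// Added example, not the asker's code; table and column names are assumptions.
// Allowlist of form field => [SQL fragment, PDO type]. Only these fixed strings
// reach the SQL text; user input is only ever passed as a bound value.
const FILTERS = [
    'category'   => ['category = :category', PDO::PARAM_STR],
    'color'      => ['color = :color',       PDO::PARAM_STR],
    'area'       => ['area = :area',         PDO::PARAM_STR],
    'price_from' => ['price >= :price_from', PDO::PARAM_INT],
    'price_to'   => ['price <= :price_to',   PDO::PARAM_INT],
];

function search_classifieds(PDO $db, array $input): array
{
    $where = $bind = [];
    foreach (FILTERS as $field => [$clause, $type]) {
        $value = $input[$field] ?? '';
        if (!is_string($value) || $value === '') {
            continue; // field left empty, or sent as an array: no filter
        }
        if ($type === PDO::PARAM_INT) {
            if (!ctype_digit($value)) {
                continue; // non-numeric price: ignore it
            }
            $value = (int) $value;
        }
        $where[] = $clause;
        $bind[]  = [':' . $field, $value, $type];
    }
    $sql = 'SELECT id, category, color, area, price FROM classifieds'
         . ($where ? ' WHERE ' . implode(' AND ', $where) : '') . ' ORDER BY id';
    $stmt = $db->prepare($sql);
    foreach ($bind as [$name, $value, $type]) {
        $stmt->bindValue($name, $value, $type);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample rows in an in-memory SQLite database, so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE classifieds (id INTEGER PRIMARY KEY, category TEXT, color TEXT, area TEXT, price INTEGER)');
$db->exec("INSERT INTO classifieds (category, color, area, price) VALUES
    ('Cars', 'Red', 'California', 5000), ('Cars', 'Blue', 'California', 12000)");
// The search from the question, then a value containing quotes: it is compared
// as data against the category column and cannot alter the statement.
$search = ['category' => 'Cars', 'price_from' => '3000', 'price_to' => '10000', 'color' => 'Red'];
echo count(search_classifieds($db, $search)), " row(s)\n";
echo count(search_classifieds($db, ['category' => "Cars' OR '1'='1"])), " row(s)\n";
```

In the real page, `$_GET` would be passed as `$input`; the same function works unchanged with `$_POST`, since the choice of HTTP method does not affect how the query must be built.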

#3


1  

The idea behind using GET over POST is that using GET, you have a search URL that you can modify in the address bar, bookmark, and pass on.


Technically, both methods are fine and basically interchangeable if you have no need to address these aspects, and are passing data from one page to the next.


One big difference between GET and POST is that GET parameters shouldn't exceed 1-2 kilobytes in size. The size limit for POST request is usually in the dozens of megabytes.


#4


1  

GET should be used for requests which are either read-only or don't have any side-effects on the data (i.e. they should be idempotent, as mentioned in the HTTP documentation). You should be able to submit a GET request as many times as you want without it affecting what results will be returned. (You may not always get the same result though, since something else may have changed in the meantime of course, but the GET request shouldn't change the data itself).


So searching comes under this category, since you shouldn't be changing any data on your system which will affect the output when you search, you're just giving data to the user based on some parameter they're giving you.


Of course some data you will always want to be updated, such as statistics (as mentioned in the comments), and this is fine with GET, as it won't affect the response, it's just to keep a record of all the requests made, etc.


POST should be used when any destructive action is performed (by destructive, I mean when data is changed.. not just delete). So add, update, delete, etc.


This is why a browser will usually prompt you if you want to resubmit a POST request, but not for GET. It's because POST is meant to be used when data is going to be changed.


Also, some browsers can pre-fetch the pages from links on your page (to try and give the illusion of speed when a link is eventually clicked). If the GET action does something destructive (such as delete a record), then this could be inadvertently triggered simply by visiting the page the link is on for example.


If you're worried about your URLs looking "messy", you can use something like mod_rewrite to make the URLs more human friendly. So "http://yoursite.com/search/cars/red" could map to "http://yoursite.com/search.php?category=cars&color=red" for example.


#5


0  

First of all remember to sanitize your input using mysql_real_escape_string. GET vs POST is practically the same except that:


  • With POST you can't bookmark the page
  • With GET you can't post files and there's a length limit on the query string

I use POST only when I know that the page will modify something server side (i.e. DB update) and then do a redirect to another page.


#6


0  

David Dorward's answer addresses most of the points - however a big one he misses out is the issue of cacheability.


POST and GET have very specific semantics - POST should mean the request changes the data on the system, while GET does NOT. Therefore the response to a POST should not be cached. But the response to a GET may be cached (depending on the headers sent).


NB: content is not just cached on the browser.

C.


#7


0  

It sounds like you're concerned with not-friendly URLs, i.e., you want to have friendly URLs throughout your site/application. If so, you can continue to use POST in your scenario, but do a redirect after POST. By doing a redirect-after-post, the redirected URL which renders the results of your search can be made friendly and short, while you can use POST to pass more parameters in the request to the server and avoid the long query string associated with the GET URL.


To learn more about redirect-after-post, check out this article: http://www.theserverside.com/news/1365146/Redirect-After-Post

#8


0  

Did you consider:


Submitting the form via GET (or POST), then server-side read the contents of the form (from the url or post data), form a nice url, then 301-redirect to that url.


That way you have complete control of the URL (e.g. it's not up to the browser/form how the url looks), and you get all the benefits of using GET, e.g. bookmarkable, linkable, back-button friendly, etc.
