
Re: POST vs GET & their intermingling.

by merlyn (Sage)
on Dec 29, 2000 at 21:34 UTC (#48844)


in reply to POST vs GET & their intermingling.

perldoc CGI reveals:
MIXING POST AND URL PARAMETERS

    $color = $query->url_param('color');

It is possible for a script to receive CGI parameters in the URL as well as in the fill-out form by creating a form that POSTs to a URL containing a query string (a "?" mark followed by arguments). The param() method will always return the contents of the POSTed fill-out form, ignoring the URL's query string. To retrieve URL parameters, call the url_param() method. Use it in the same way as param(). The main difference is that it allows you to read the parameters, but not set them.

Under no circumstances will the contents of the URL query string interfere with similarly-named CGI parameters in POSTed forms. If you try to mix a URL query string with a form submitted with the GET method, the results will not be what you expect.

-- Randal L. Schwartz, Perl hacker
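
The param()/url_param() split quoted above, replayed offline as an added example (not part of the original posts or of the CGI.pm documentation). It assumes CGI.pm is installed; the request values are constructed, and comparing the two sources per name also flags requests that carry the same parameter in both places.

```perl
#!/usr/bin/perl
# Added example: a constructed POST to form.pl?color=red&debug=1 with a
# body of color=blue&size=L, replayed offline through CGI.pm.
use strict;
use warnings;
use CGI;

my $body = 'color=blue&size=L';                  # constructed form body
$ENV{REQUEST_METHOD} = 'POST';
$ENV{CONTENT_TYPE}   = 'application/x-www-form-urlencoded';
$ENV{CONTENT_LENGTH} = length $body;
$ENV{QUERY_STRING}   = 'color=red&debug=1';      # constructed URL part

# CGI.pm reads the POST body from STDIN, so point STDIN at the string.
close STDIN;
open STDIN, '<', \$body or die "cannot reopen STDIN: $!";

my $query = CGI->new;

# Collect every parameter name seen in either source.
my %seen = map { $_ => 1 } $query->param, $query->url_param;

for my $name (sort keys %seen) {
    my $posted = $query->param($name);       # POSTed form only
    my $in_url = $query->url_param($name);   # query string only
    my $note =
          defined $posted && defined $in_url && $posted ne $in_url
              ? 'CONFLICT: body and URL disagree'
        : defined $posted && defined $in_url ? 'same value in both'
        : defined $posted                    ? 'body only'
        :                                      'URL only, invisible to param()';
    printf "%-6s param=%-8s url_param=%-8s %s\n",
        $name,
        defined $posted ? $posted : '(undef)',
        defined $in_url ? $in_url : '(undef)',
        $note;
}
```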

Replies are listed 'Best First'.
Re: POST vs GET & their intermingling.
by Dominus (Parson) on Dec 29, 2000 at 22:47 UTC
    Says merlyn, quoting Lincoln Stein:
    Under no circumstances will the contents of the URL query string interfere with similarly-named CGI parameters in POSTed forms.
    That's a nice theory, but if the browser screws it up, there is nothing that Lincoln or CGI.pm can do to unscrew it. And in my experience, this is one of the cases that browsers are most likely to screw up.

    Many browsers like to take the URL parameters and the posted form data and mingle them in various nasty ways.

Re: Re: POST vs GET & their intermingling.
by boo_radley (Parson) on Dec 29, 2000 at 21:48 UTC
    Under no circumstances will the contents of the URL query string interfere with similarly-named CGI parameters in POSTed forms. If you try to mix a URL query string with a form submitted with the GET method, the results will not be what you expect.
    I came to this same conclusion after reading the specification for the FORM tag.
      I came to this same conclusion after reading the specification for the FORM tag.
      Hmm. I just skimmed through that specification, and couldn't see how you came to that conclusion.

      There seem to be three uncorrelated elements:

      1. Whether the form parameters to be sent can come from both the action attribute and the form elements themselves (unclear in the spec)
      2. Whether those parameters are encoded using GET or POST methods (selected by the form's method attribute)
      3. Whether the CGI processing agent should interpret query-string parameters in addition to content parameters when using the POST method (not specified at all in that referenced spec - that would be in a CGI spec)
      Did you read something I didn't?

      -- Randal L. Schwartz, Perl hacker

        I'm curious about something in it, too:
        action %URI; #REQUIRED -- server-side form handler --
        Perhaps I am misunderstanding how they use their terms, but I thought action was an optional attribute, but this states that it is required. By default, action is the same URL from which the browser received the request. While I always explicitly state the action, I can see the utility of occasionally leaving this tag off. Is this something that has changed in the specification?

        Cheers,
        Ovid

        Join the Perlmonks Setiathome Group or just click on the link and check out our stats.

        under the attribute the w3 spec lists :
        method      (GET|POST)

        I inferred (ass-u-me-d:) ) that to properly submit data, you should only use one or the other, discounting the idea that someone could read in the url to retrieve GET data. On a side note, I see that CGI.pm says
        start_form() will return a <FORM> tag with the optional method, action and form encoding that you specify. The defaults are: method: POST; action: this script; enctype: application/x-www-form-urlencoded
        while w3's spec says
        method = get|post [CI] This attribute specifies which HTTP method will be used to submit the form data set. Possible (case-insensitive) values are "get" (the default) and "post". See the section on form submission for usage information.
        And find it mildly amusing that the default methods disagree. Which, it seems is often the case for web standards documents.
