in reply to Re^2: CGI MySQL insert/update special characters
in thread CGI MySQL insert/update special characters
Your new approach using POST is far safer than what you were doing and has far better compliance with RFC2616's rules for "safe" and "idempotent" methods. In brief, GET requests are "defined" to not have side effects, while other methods, including POST, have no such restrictions. You must use POST if the request is intended to do something.
Further, request URLs often appear in logs, but POST data is generally understood to be potentially sensitive. You should never submit a password with a GET request; logins need to always use POST and, if you are sending them over the open Internet, TLS. Plaintext HTTP is safe on an isolated network, but sending anything remotely sensitive over the open Internet needs HTTPS (or the TLS upgrade sequence for HTTP/TLS over port 80).
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^4: CGI MySQL insert/update special characters
by haukex (Archbishop) on Mar 29, 2020 at 07:13 UTC | |
by jcb (Parson) on Mar 30, 2020 at 01:19 UTC | |
by haukex (Archbishop) on Mar 30, 2020 at 07:24 UTC | |
by jcb (Parson) on Mar 31, 2020 at 03:43 UTC | |
Re^4: CGI MySQL insert/update special characters
by bliako (Monsignor) on Mar 29, 2020 at 12:13 UTC | |
by hippo (Bishop) on Mar 29, 2020 at 12:21 UTC | |
by Your Mother (Archbishop) on Mar 29, 2020 at 18:07 UTC | |
by bliako (Monsignor) on Mar 29, 2020 at 14:48 UTC | |
by jcb (Parson) on Mar 30, 2020 at 01:26 UTC |