Whether to use POST or GET Methods

Some notes to self

In my attempts to GET forms working the way that I wanted, I got confused between the methods used in form processing. I vaguely knew that _POST was inherently "safer" than _GET but I didn't really understand the significance and differences. I also had a problem with what the PHP_SELF variable did in the context of forms.

The differences

These are more fully explained on the W3C pages, but the key thing relating to my design was that form variables/elements were not being passed between PHP form processing pages in the same way. My first non-verified prototype used _GET and processed the output from a form on a secondary PHP page; this did not work for the verified version that used _POST. This is explained, I think, by the way that data is passed around by the 2 methods. The _POST was never going to work with a secondary PHP processor as the data is not cached by the browser or passed to the new page via the URL.

Also, the fact that PHP_SELF was used in the validation example meant that the form elements/variables were intended to be displayed on the same page; the action="processing.php" was replaced by the $_SERVER["PHP_SELF"] action.

My Design Plan

The flow was to display the form variables on a secondary confirmation page. This page was also going to process the emails to be sent.


Security and Referrer information

In a discussion about user privacy and Facebook users, Facebook Engineering made a point about not exposing their users' details when software such as a search engine robot analyses the referrer information supplied to the web spider. This was in relation to links placed on Facebook posts, and that it was important to control what is revealed in the referrer string.

Whether this is a "red herring" or a legit reason is, in my mind, a subject of debate. As far as I know, there is no user information in a referrer string when a link is followed from a Facebook page. As Facebook are shimming the link, one can never tell. Unlike the submission of a <form> using a GET, where the URL string will contain the data from the form, which could include user names and passwords, such a link request does not.
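
As an added example (not code from the original page), the Python sketch below builds the request a browser sends for the same form under GET and under POST, then lists which form field names a followed cross-origin link's Referer would expose under a few Referrer-Policy values. The host, path, field names and values are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qsl

def form_request(method, action, fields, host):
    """Return (raw HTTP request, URL left in the address bar) for a form submit."""
    data = urlencode(fields)
    if method.upper() == "GET":
        # GET: the fields become the query string of the URL itself.
        path = f"{action}?{data}"
        raw = f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n"
    else:
        # POST: the URL stays clean; the fields travel in the request body.
        path = action
        raw = (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
               "Content-Type: application/x-www-form-urlencoded\r\n"
               f"Content-Length: {len(data)}\r\n\r\n{data}")
    return raw, f"https://{host}{path}"

def referer_sent(page_url, policy):
    """Referer value for a cross-origin HTTPS link followed from page_url."""
    u = urlsplit(page_url)
    origin = f"{u.scheme}://{u.netloc}/"
    if policy == "no-referrer":
        return None
    if policy in ("origin", "strict-origin-when-cross-origin"):
        return origin        # path and query are stripped
    if policy == "unsafe-url":
        return page_url      # full URL, query string included
    raise ValueError(f"policy not modelled here: {policy}")

def leaked_fields(referer):
    """Form field names recoverable from a Referer value."""
    if not referer:
        return []
    return [name for name, _ in parse_qsl(urlsplit(referer).query)]

if __name__ == "__main__":
    # Constructed sample form data.
    fields = {"username": "alice", "password": "constructed-secret"}
    for method in ("GET", "POST"):
        raw, url = form_request(method, "/confirm.php", fields, "forms.example")
        print(method, "address bar:", url)
        for policy in ("unsafe-url", "strict-origin-when-cross-origin"):
            print("  ", policy, "->", leaked_fields(referer_sent(url, policy)))
```

Only the GET submission under a full-URL policy exposes the field names; the POST URL carries nothing to leak, and an origin-only policy strips the query string in either case.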

Site design by Tempusfugit Web Design