Mixing GET with POST - is it a bad practice?


Question

Is it a bad practice to mix GET and POST? (note this is in PHP)

For example:

<form action="delete.php?l=en&r=homepage" method="post">
 <!-- post fields here -->
</form>

Recommended answer

Actually, this will send a POST request to the server, so technically you aren't mixing the two together: you are using POST with URL parameters. There is nothing fundamentally wrong with this, as long as you don't use your URL for parameters that should be in the form as hidden fields.

There are simple rules: you use GET (possibly with URL parameters) for constant things that do not change the server, and POST for things that modify the server. If your URL parameters contained the ID of something you wanted to delete, then it would be bad practice.

Edit, years later

I was asked for a source, so here is the relevant part of the very spec of HTTP:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html

the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.

There you go, GET should not change anything, POST is for things that change the server (unsafe operation). I should be able to call GET any number of times. It is more than idempotent: it should be (as much as possible) side-effect free! With GET the request may not even reach the server if caching is involved.

So yeah: you have a form, want to know if you use GET or POST? Then change server => POST, don't change server => GET. And since a URL can be accessed with any verb (GET or POST), don't put the data that changes the server in the URL, because someone may copy that URL, do a GET and change your server without you knowing. Imagine what would happen if someone copied that URL on Facebook and 10 000 people started to delete random things? Not good. Recent frameworks (node, ruby) are better insulated against that, but not basic PHP, so it's a good rule of thumb for that language.
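
One way delete.php could enforce the rule from the answer above, added here as an example and not code from the original question or answer. The function name handle_delete, the POST field id, the allowlisted values and the redirect target are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical handler for delete.php. The request is passed in as arrays so
// the logic can be exercised offline; in a real script it would be called as
// handle_delete($_SERVER['REQUEST_METHOD'], $_GET, $_POST).
function handle_delete(string $method, array $get, array $post): array
{
    // A URL can be requested with any verb, so refuse everything but POST.
    if ($method !== 'POST') {
        return [405, ['Allow' => 'POST'], 'Method Not Allowed'];
    }

    // URL parameters (l, r) only select presentation; allowlist them.
    $lang   = in_array($get['l'] ?? '', ['en', 'fr'], true) ? $get['l'] : 'en';
    $return = in_array($get['r'] ?? '', ['homepage', 'list'], true) ? $get['r'] : 'homepage';

    // The value that changes the server is read from the POST body only.
    // $_REQUEST or $_GET is never consulted, so an "id" in the URL is ignored.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, [], 'Missing or invalid id'];
    }

    // delete_item($id) would run here (hypothetical; storage is out of scope).
    return [303, ['Location' => "/{$return}.php?l={$lang}"], "deleted {$id}"];
}

// Constructed requests: a copied link fetched with GET, a POST that carries
// the id in the URL instead of the body, and the legitimate form submission.
$cases = [
    ['GET',  ['l' => 'en', 'r' => 'homepage', 'id' => '42'], []],
    ['POST', ['l' => 'en', 'r' => 'homepage', 'id' => '42'], []],
    ['POST', ['l' => 'en', 'r' => 'homepage'], ['id' => '42']],
];
foreach ($cases as [$method, $get, $post]) {
    [$status, , $body] = handle_delete($method, $get, $post);
    echo "{$method} -> {$status} {$body}\n";
}
```

The first two constructed requests are rejected (405 and 400) and only the third, with the id in the POST body, reaches the delete step.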
