使用GET方法上传文件 [英] File uploading using GET Method
问题描述
POST 方法完成的。那么,为什么不能使用 GET 方法来上传文件呢?是否有特定的禁止HTTP GET 上传?
GET请求可能包含一个实体主体
RFC 2616不会阻止实体主体作为GET请求的一部分。这经常被误解,因为PHP使用 那么规范中提到的GET方法 ......那么: 特别是,规定GET和HEAD方法不应该具有除检索以外的其他操作的意义。这些方法应该被认为是安全的。 所以GET的重要之处在于确保任何GET请求都是安全的。尽管如此,禁止是 $ _ GET 超全局模糊水域。技术上与HTTP GET 请求方法无关 - 它只不过是一个键值列表来自请求URI查询字符串的url编码参数。您可以访问 $ _ GET 数组,即使请求是通过POST / PUT / etc进行的。奇怪,对吧?不是一个很好的抽象,是吗?
为什么一个GET实体是一个坏主意
仅仅是不应该
严格基于检索的动作。
当然,从语义的角度来看,使用名为 GET 的方法执行除$ b $以外的操作b获得一个资源也没什么意义。
当一个GET实体正在平坦的时候出错
关于幂等性,规范说:
方法也可以具有幂等性的性质(除了错误或过期问题)
N> 0个相同请求的副作用与单个请求相同。 GET,
HEAD,PUT和DELETE共享这个属性。
这意味着一个GET方法必须而不是对
相同资源的多个请求具有不同的副作用。所以,不管实体是否作为GET请求的一部分,副作用
必须始终是相同的。通俗地说,这意味着如果发送一个带有实体主体
的GET 100次的服务器不能创建100个新的资源。无论是发送一次还是发送100次请求,
都有相同的结果。这严重限制了GET方法发送实体的有用性。
如果有疑问,在评估效能时总是回到安全性/幂等性测试中
一种方法及其产生的副作用。
As we all know, file uploading is most often accomplished using POST method. So, why can't the GET method be used for file uploads instead? Is there a specific prohibition against HTTP GET uploads?
GET requests may contain an entity body
RFC 2616 does not prevent an entity body as part of a GET request. This is often misunderstood because PHP muddies the waters with its poorly-named $_GET superglobal. $_GET technically has nothing to do with the HTTP GET request method -- it's nothing more than a key-value list of url-encoded parameters from the request URI query string. You can access the $_GET array even if the request was made via POST/PUT/etc. Weird, right? Not a very good abstraction, is it?
Why a GET entity body is a bad idea
So what does the spec say about the GET method ... well:
In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe."
So the important thing with GET is to make sure any GET request is safe. Still, the prohibition is only "SHOULD NOT" ... technically HTTP still allows a GET requests to result in an action that isn't strictly based around "retrieval."
Of course, from a semantic standpoint using a method named GET to perform an action other than
"getting" a resource doesn't make very much sense either.
When a GET entity body is flat-out wrong
Regarding idempotence, the spec says:
Methods can also have the property of "idempotence" in that (aside from error or expiration issues) the side-effects of N > 0 identical requests is the same as for a single request. The methods GET, HEAD, PUT and DELETE share this property.
This means that a GET method must not have differing side-effects for multiple requests for the same resource. So, regardless of the entity body present as part of a GET request, the side-effects must always be the same. In layman's terms this means that if you send a GET with an entity body 100 times the server cannot create 100 new resources. Whether sent once or 100 times the request must have the same result. This severely limits the usefulness of the GET method for sending entity bodies.
When in doubt, always fall back to the safety/idempotence tests when evaluating the efficacy of a method and its resulting side-effects.
这篇关于使用GET方法上传文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
