Mixing GET with POST - is it a bad practice?


Question

Is it a bad practice to mix GET and POST? (note this is in PHP)

e.g.

<form action="delete.php?l=en&r=homepage" method="post">
 <!-- post fields here -->
</form>


Recommended answer

Actually, this will send a POST request to the server, so technically you aren't mixing the two together: you are using POST with URL parameters. There is nothing fundamentally wrong with this, as long as you don't use your URL for parameters that should be in the form as hidden fields.

There are simple rules: you use GET (possibly with URL parameters) for constant things that do not change the server, and POST for things that modify the server. If your URL parameters contained the ID of something you wanted to delete, then it would be bad practice.

Edit, a few years later

I was asked for a source, so here is the relevant part of the very spec of HTTP:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html


the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.

There you go, GET should not change anything, POST is for things that change the server (unsafe operations). I should be able to call GET any number of times. It is more than idempotent: it should be (as much as possible) side-effect free! With GET the request may not even reach the server if caching is involved.

So yeah: you have a form and want to know whether to use GET or POST? Then change server => POST, don't change server => GET. And since a URL can be accessed with any verb (GET or POST), don't put data that changes the server in the URL, because someone may copy that URL, do a GET and change your server without you knowing. Imagine what would happen if someone copied that URL on Facebook and 10 000 people started to delete random things? Not good. Recent frameworks (node, ruby) are better insulated against that, but not basic PHP, so it's a good rule of thumb for that language.
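
The rule from the answer above, as an added example that is not part of the original post: a sketch of a `delete.php` handler that refuses every verb except POST and takes the record to delete from the POST body only, leaving `l` and `r` in the URL. The function name `handle_delete`, the `id` field, the allowlists and the redirect target are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical handler for delete.php, written as a function so it can be run
// without a web server. In the real script: $method = $_SERVER['REQUEST_METHOD'],
// $query = $_GET, $post = $_POST.
function handle_delete(string $method, array $query, array $post): array
{
    // State-changing endpoint: refuse every verb except POST, so a copied,
    // crawled or prefetched URL (a GET) can never trigger the delete.
    if ($method !== 'POST') {
        return ['status' => 405, 'headers' => ['Allow' => 'POST'], 'deleted' => null];
    }

    // URL parameters carry presentation context only (l = language, r = return page).
    // Both are checked against allowlists; unknown values fall back to defaults.
    $lang   = in_array($query['l'] ?? '', ['en', 'fr'], true) ? $query['l'] : 'en';
    $return = in_array($query['r'] ?? '', ['homepage', 'list'], true) ? $query['r'] : 'homepage';

    // The target of the delete is read from the POST body only. $_REQUEST is
    // avoided because it merges $_GET and $_POST and hides where a value came from.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return ['status' => 400, 'headers' => [], 'deleted' => null];
    }

    // A real handler would delete record $id here, after its authorization checks.
    return ['status' => 303, 'headers' => ['Location' => "/$return.php?l=$lang"], 'deleted' => $id];
}

// Constructed sample requests (not from the original page).
$samples = [
    'GET with id in the URL'  => handle_delete('GET',  ['l' => 'en', 'r' => 'homepage', 'id' => '42'], []),
    'POST with id in the URL' => handle_delete('POST', ['l' => 'en', 'r' => 'homepage', 'id' => '42'], []),
    'POST with id in body'    => handle_delete('POST', ['l' => 'en', 'r' => 'homepage'], ['id' => '42']),
];
foreach ($samples as $label => $result) {
    echo $label, ': status=', $result['status'],
         ' deleted=', var_export($result['deleted'], true), PHP_EOL;
}
```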
