使用 GET 方法上传文件 [英] File uploading using GET Method

问题描述

众所周知，文件上传最常使用POST方法完成.那么，为什么不能使用 GET 方法来代替文件上传呢?是否有针对 HTTP GET 上传的具体禁令?

As we all know, file uploading is most often accomplished using POST method. So, why can't the GET method be used for file uploads instead? Is there a specific prohibition against HTTP GET uploads?

推荐答案

GET 请求可能包含实体主体

RFC 2616 不阻止实体主体作为 GET 请求的一部分.这经常被误解，因为 PHP 用它的 名称不佳 $_GET 超全局混淆了水域.$_GET 在技术上与 HTTP GET 请求方法无关——它只不过是请求 URI 查询字符串中的 url 编码参数的键值列表.即使请求是通过 POST/PUT/etc 发出的，您也可以访问 $_GET 数组.很奇怪，对吧?不是一个很好的抽象，是吗?

GET requests may contain an entity body

RFC 2616 does not prevent an entity body as part of a GET request. This is often misunderstood because PHP muddies the waters with its poorly-named $_GET superglobal. $_GET technically has nothing to do with the HTTP GET request method -- it's nothing more than a key-value list of url-encoded parameters from the request URI query string. You can access the $_GET array even if the request was made via POST/PUT/etc. Weird, right? Not a very good abstraction, is it?

那么 规范对 GET 方法有什么看法 ...好吧:

特别是，已经建立了约定，即 GET 和 HEAD 方法不应具有采取除检索之外的操作的意义.这些方法应该被认为是安全的".

In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe."

因此，使用 GET 最重要的是确保任何 GET 请求都是安全的.尽管如此，禁令仍然是只有 "SHOULD NOT" ...从技术上讲，HTTP 仍然允许 GET 请求导致一个不是严格基于检索".

So the important thing with GET is to make sure any GET request is safe. Still, the prohibition is only "SHOULD NOT" ... technically HTTP still allows a GET requests to result in an action that isn't strictly based around "retrieval."

当然，从语义的角度来看，使用名为 GET 的方法来执行除获取"资源也没有多大意义.

Of course, from a semantic standpoint using a method named GET to perform an action other than "getting" a resource doesn't make very much sense either.

关于幂等性，规范说:

方法也可以具有幂等性"的属性(除了错误或过期问题)N > 0 个相同请求的副作用与单个请求相同.方法 GET，HEAD、PUT 和 DELETE 共享此属性.

Methods can also have the property of "idempotence" in that (aside from error or expiration issues) the side-effects of N > 0 identical requests is the same as for a single request. The methods GET, HEAD, PUT and DELETE share this property.

这意味着一个 GET 方法不能对多个请求有不同的副作用相同的资源.因此，无论作为 GET 请求的一部分存在的实体主体如何，副作用必须始终相同.通俗地说，这意味着如果您发送带有实体主体的 GET100 次服务器无法创建 100 个新资源.无论是发送一次还是 100 次请求都必须有相同的结果.这严重限制了 GET 方法发送实体主体的实用性.

This means that a GET method must not have differing side-effects for multiple requests for the same resource. So, regardless of the entity body present as part of a GET request, the side-effects must always be the same. In layman's terms this means that if you send a GET with an entity body 100 times the server cannot create 100 new resources. Whether sent once or 100 times the request must have the same result. This severely limits the usefulness of the GET method for sending entity bodies.

如有疑问，请在评估功效时始终回退到安全性/幂等性测试方法及其产生的副作用.

When in doubt, always fall back to the safety/idempotence tests when evaluating the efficacy of a method and its resulting side-effects.

这篇关于使用 GET 方法上传文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！