Question

Is there a difference if a parameter of a POST-form is placed in the query string:

<form action="mysite.com/index.php?myparam=myvalue">
    ...more inputs here
</form>

并且把它作为隐蔽的投入?

<form action="mysite.com/index.php">
    <input type="hidden" value="myvalue">
    ...more inputs here
</form>

I m使用Joomla,但它实际上完全无关。我看到,他们的辅导中有一部分是“什么地方和什么地方”的,但事实上是这样吗? 如果我使用的话,会有什么影响?

NOTE:I forgot to place action=post in the form which has changing the question fundamental. 然而,由于得到的令人感兴趣的回答不仅仅是我的问题,我决定离开这些答案。

Answer 1

是的,在技术和概念上有所不同。这种差异如何影响你,取决于处理请求的申请服务器(当然还有你的选择)。

<>技术差异:

在大多数应用服务器中,参数的源头(URL或 FORM)确定其最终位置。在PHP中,url参数分别载于_GET,并在_$_POST上形成超级全球化。如果你不关心技术差异,则为方便起见,有一份<代码>_REquestST超级全球化。

<>可见度>

区分两种类型的申请参数最符合逻辑:

Such that are required to render a page, i.e. they don t change anything in the database if you send the request again.
Such that change the database, i.e. are destructive (they are the reason why browsers ask if you are okay with posting a page again if you hit refresh).

前者称为dempotent,应通过GET转让。一个很好的例子就是搜身或创记录。不管你被点击的频率如何,该数据库始终不.。

The other kind of parameter is data that should be stored in the DB. It would be destructive in the sense that it actually changes database contents. These parameters should be transferred via POST.

这样,这也是决定贵表格是否应当为method=“GET”>或method=“POST”的好办法: 每当表格输入数据库时,使用通用公平贸易法表格。例如,用户查询<>/em>表格应为“GET”,用户喜好表格应为“POST”。

现在,你可以说,就你而言,创纪录的ID是多余的,但以你的形式提供的其他信息渠道不是这样。在该案中,我发现使用最有说服力。

<form action="mysite.com/index.php?id=1234" method="POST">  </form>

since a GET mysite.com/index.php?id=1234 would request that very record.

没有必要这样做,当然,你可以将国际发展研究中心列为隐蔽的投入。

Two things you should be aware of, though:

In this case the HTTP server logs would not show evidence of which record the user posted to (if you care for that).

This kind of separation only works for POST forms. GET forms ignore the parameters in action attribute, you must specify all of them in as hidden input fields.

Answer 2

for the POST form there is no difference.
for the GET form the entirely new query string would be composed of the form fields, eliminating all existing values - so, never use query string for the GET forms, use hidden fields instead.

Answer 3

国际投资协议存在不同之处,因为GET参数已转给行动属性,因此被排除在外。你们应当使用隐蔽的田地。

如果你具体说明以你的形式确定的方法,并将其价值确定为“POST”,那么,你将不得不将GET和POST参数混为一谈。

我使用了以下档案进行测试(名称为“测试对象.php”):

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <title>Test GET</title>
    </head>
    <body>
        <p>
            <?php
                if( ! empty( $_GET ) )
                {
                    print_r( $_GET );
                }
                if( ! empty( $_POST ) )
                {
                    print_r( $_POST );
                }
            ?>
        </p>
        <p>No method attribute</p>
        <form action="testget.php?foo=bar">
            <input type="hidden" name="bar" value="foo" />
            <input type="submit" value="Submit" />
        </form>
        <p>method="get"</p>
        <form action="testget.php?foo=bar" method="get">
            <input type="hidden" name="bar" value="foo" />
            <input type="submit" value="Submit" />
        </form>
        <p>method="post"</p>
        <form action="testget.php?foo=bar" method="post">
            <input type="hidden" name="bar" value="foo" />
            <input type="submit" value="Submit" />
        </form>
    </body>
</html>

<<>Output>:

No method attribute:Array ( [bar] => foo )

method="get":Array ( [bar] => foo )

method="post": Array ( [foo] => bar ) Array ( [bar] => foo )

友情链接