#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Location
    Western Seaboard
    Posts
    2
    Rep Power
    0

    Client-side Form Data to Backend uses GET?


    Hi all,

    The code below is from a tutorial on submitting client-side form data to a PHP file on a webserver, which then writes it to a flat file.

    client:
    PHP Code:
    <html>
    <
    head>
    <
    title>Form to Flat File</title>
    </
    head>
    <
    body>
    <
    form action="sendinfo.php" method="get">
    Your Name:<br />
    <
    input type="text" name="name"><br />
    Your Message:<br />
    <
    textarea name="message"></textarea><br />
    <
    input type="submit" value="Send Info">
    </
    form>
    </
    body>
    </
    html
    server:
    PHP Code:
    <html>
    <head>
    <title>Form to Flat File</title>
    </head>
    <body>
    <?php
    include('config.php');
    $user $_GET["name"];
    $message $_GET["message"];
    print(
    "<b>Thank You!</b><br />Your information has been added! You can see it by <a href=savedinfo.php>Clicking Here</a>");
    $out fopen("savedinfo.php""a");
    if (!
    $out) {
    print(
    "Could not append to file");
    exit;
    }
    fputs ($out,implode,("\n"));
    fwrite($out,"<b>$user</b><br />$message<br /><br />");
    fclose($out);
    ?>
    </body>
    </html>
    Why did the author choose to use GET instead of POST?

    I'm thinking it might be more secure...

    Thanks in Advance!
  2. #2
  3. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Sep 2002
    Location
    Seattle, U.S.A.
    Posts
    712
    Rep Power
    12
    It's probably hard to say why the person chose GET over POST. Perhaps it was easier for a learning to see something happen.

    GET is actually less secure because the URL values are saved in the access log, so lets say you were to put the username and password in the url:

    domain.com?username=mark&password=mypassword

    That would be saved in the web access logs, not good.

    POST doesn't save the values in any logs.

    GET is great for saving state of a page, like a catalog page.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Location
    Western Seaboard
    Posts
    2
    Rep Power
    0
    Thanks for the help msteudel.

    After I posted, I phoned a friend of mine and asked him. He also said that GET was less secure.

    I should just get to reading about the particulars of the 4 form methods....maybe I'm being lazy because it's sunday...

    Thanks again!
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Sep 2006
    Posts
    1,794
    Rep Power
    529
    As a general rule, use POST when ever you want to change state of something. For instance, save something in a database, send an email, set a session, etc. If you are just getting some information, use get.

IMN logo majestic logo threadwatch logo seochat tools logo