[nycphp-talk] Preferred method for parsing multi-row submit buttons
Hans Zaunere
lists at zaunere.com
Mon Nov 21 22:42:17 EST 2005
Chris Shiflett wrote on Monday, November 21, 2005 9:23 PM:
> Cliff Hirsch wrote:
> > I thought of that, and again, it sure would be much easier. But
> > doesn't that violate the W3C recommendation for get versus post?
> > Isn't a hyperlink simulating a get submission, which should not
> > be used for "actions" that modify a database?
>
> That's my interpretation. Section 9.1.1 of RFC 2616:
>
> "In particular, the convention has been established that the GET and
> HEAD methods SHOULD NOT have the significance of taking an action other
> than retrieval. These methods ought to be considered "safe". This allows
> user agents to represent other methods, such as POST, PUT and DELETE, in
> a special way, so that the user is made aware of the fact that a
> possibly unsafe action is being requested."

But this certainly shouldn't be considered a real practice. For example, a
GET comes in and I update a session - via a database let's say. While RFCs
are good academically, that's how security holes are born. Let's not
examine the SHOULD or SHOULD NOTs in the TCP or IP RFCs :)
---
Hans Zaunere / President / New York PHP
www.nyphp.org / www.nyphp.com