2

I have some jQuery that sends data to an AddComment.php page. The data is a user id (could be gotten through a session), an item id and a comment under text form.

In this case, should all data be sent through a POST? Are there cases where one might find a mix of GET and POST?

James P.
  • 2
    You might as well send everything as a `POST`. My only suggestion, if you can obtain the user id from the session, do that as it's safer than relying on user input (which could be changed by the user). – Francois Deschenes Jul 18 '11 at 08:13

3 Answers

4

Go read RFC 2616.

There are very specific semantics associated with GET and POST which have a big impact on caching and on logging.

In the case of your example, the data to be added should be sent in a POST. Whether a reference to the item being commented on should be sent via POST or GET variable is debatable. (you can POST to a URL with a query string and any competent web language should be able to discriminate between the same variable name sent via both methods)

A more transparent example of when GET and POST should be mixed is when POSTing to a front-controller - here the same path is used by various different bits of functionality (web pages if you like). The specific bit of functionality being invoked is indicated by the query in a GET operation. If the selection criteria are moved into the POST then you have to cater for both scenarios within the front controller, and you lose resolution of the functionality in the log files.

symcbean
2

It should be sent by POST primarily because a comment can exceed the length of a URL a web browser will access. It should also be sent by POST because this form creates or modifies data, and that's the convention. Search spiders will not make POST requests, for example, to avoid doing that.

You cannot mix GET and POST. An HTTP request is of only one method.

Dan Grossman
  • 3
    You _can_ **mix** GET and POST. – Dejan Marjanović Jul 18 '11 at 08:22
  • I don't agree: you can mix POST and GET – Nicola Peluchetti Jul 18 '11 at 08:25
  • Depends on what you mean. In PHP, Querystrings are passed to the array $_GET. It is no problem to use querystrings in a post-request. The $_GET and $_POST will have contents. – Jan Sverre Jul 18 '11 at 08:25
  • @Dan Can you give more explanation on this. Never heard this. What if I post something to URL: `http://example.com/?param=value` ? – Karolis Jul 18 '11 at 08:25
  • But, it is a post-request, not a get-request, so you cannot mix that. A request is either HTTP GET, HTTP POST or something else. Cannot be both HTTP GET and HTTP POST – Jan Sverre Jul 18 '11 at 08:26
  • 3
    @Karolis: It is HTTP POST with querystrings. Not HTTP GET. But the $_GET will have contents. – Jan Sverre Jul 18 '11 at 08:27
  • Populating `$_GET` from an `HTTP POST` request is one of those PHP features where PHP does what the novice expects instead of requiring you to know what you're doing, IMO. It's a poorer language for features like that. It took us years to move past the magic quotes thing... – Dan Grossman Jul 18 '11 at 08:33
  • @Jannis Ok, interesting. Is there any technical difference between data sent using the GET method and data sent using the POST method with querystring parameters? (In this case let's assume that I am not sending any POST specific data). – Karolis Jul 18 '11 at 08:36
  • @Dan But how do querystring parameters differ in GET and POST requests? – Karolis Jul 18 '11 at 08:40
  • @Karolis What about it? The query string may exist, but shouldn't be put in `$_GET` if it's not a `GET` request. The person making the `POST` should put all of the data in the request body. – Dan Grossman Jul 18 '11 at 08:47
  • @Dan Are there any restrictions for the query string in a POST request that don't apply to a GET request? I need a strong technical argument in order to understand this. Because I always thought that a POST request is just some kind of extension of a GET request. It's a really interesting thing to me. – Karolis Jul 18 '11 at 08:54
  • @Jannis Maybe you can explain this? – Karolis Jul 18 '11 at 09:02
  • @Karolis There is no strong technical argument in favor of one or the other, except the limit on the length of URLs imposed by browsers. That limits the length of query strings where a browser will happily POST a much larger amount of data. You also can't directly transmit binary data through a URL; it has to be encoded through a method which will only use the allowed characters, such as base64. Outside the browser, the only difference between GET and POST is whether the data is sent as part of the request URI or if it's in the body of the request. – Dan Grossman Jul 18 '11 at 09:13
  • @Dan Thanks for the answer. Actually all the information you provided is already known to me :) The URL limit applies for POST requests too, not only for GET request, so you can't say that it's a difference. We can also send data as part of URI in POST request too. So it's not the difference too. In brief it seems that GET request is a querystring request and POST request is querystring+body request (sure there are other details but it's a simplified view). But it seems the problem is how we name this. You say that POST request with querystring is POST request. I say that it's a GET+POST mix. – Karolis Jul 18 '11 at 10:00
  • The very first word in every request made according to the Hypertext Transfer Protocol is a method. It is either GET, POST, PUT, TRACE, etc. It is a single word. It cannot be GET+POST, it cannot be GET POST, it can only be ONE METHOD. Read the protocol specification if you must to be convinced. Do not call POSTing to a URL with a query string GET+POST, it is a POST. The semantics matter! – Dan Grossman Jul 18 '11 at 19:09
  • @Karolis An HTTP request is sent from the browser to the server of a web page. The request is either HTTP GET, HTTP POST, HTTP DELETE, HTTP PUT or something else. HTTP GET only sends a URL to the server, and asks for information based on this URL. PHP parses the URL so every parameter after the question mark is passed to the $_GET array. HTTP POST sends a URL to the server, along with some other data. This URL can still contain parameters after a question mark, and PHP still passes these parameters to the $_GET array. But it is no longer an HTTP GET request, technically. – Jan Sverre Jul 20 '11 at 07:45
  • That's why .NET calls this Request.QueryString instead of $_GET, because $_GET does not have anything to do with HTTP GET. (but $_POST has very much to do with HTTP POST) So, an HTTP request cannot be both GET and POST, but the PHP arrays $_GET and $_POST can both contain data in the same request. – Jan Sverre Jul 20 '11 at 07:46
  • @Jannis My opinion is very similar to @ symcbean's answer. It seems that everything depends on selected point of view. Because we all understand how it technically works there is no point to discuss about it anymore :) – Karolis Jul 20 '11 at 10:59
1

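Actually I think that if you do:

```javascript
var id = $('#id').val();
var itemid = $('#itemid').val();
var comment = $('#comment').val();
// id travels in the query string; encode it so special characters cannot break the URL
var url = 'AddComment.php?id=' + encodeURIComponent(id);
// itemid and comment travel in the POST body
var data = { itemid: itemid, comment: comment };
// successFunction is the caller's callback, defined elsewhere
$.post(url, data, successFunction);
```

your itemId will be sent through POST and the ID through GET and PHP will recognize it (I sometimes do that using the action of the form but not through ajax).

BTW - why do you need this? Why not send everything through POST?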

Nicola Peluchetti
  • "BTW - why do you need this? Why not send everything through POST?" My basic rule of thumb is to use POST when a request involves writing something to the database. However, I've been wondering if anything would justify GET/POST hybriding. So, I'd be interested to hear how/why you send an ID through GET :) – James P. Jul 18 '11 at 14:03
  • Well actually I do that (mixing POST/GET) quite often, thanks to symcbean I also have some background on the subject! :) – Nicola Peluchetti Jul 18 '11 at 14:11
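
As an added example (not code from any of the posts above), this Node.js sketch parses a constructed copy of the request that a `$.post('AddComment.php?id=…', data)` call produces. It shows the single request method with the query-string and body parameters kept apart, as debated in the comment thread, and a handler that takes the user id from the session as the first comment suggests. The names `RAW_REQUEST`, `parseRequest`, `buildComment` and the session shape are assumptions made for illustration.

```javascript
// Constructed sample request: the query string carries id=42 and the body
// carries a conflicting id=999 alongside the real comment data.
const RAW_REQUEST = [
  'POST /AddComment.php?id=42 HTTP/1.1',
  'Host: example.com',
  'Content-Type: application/x-www-form-urlencoded',
  '',
  'itemid=7&comment=Nice+post&id=999',
].join('\r\n');

// Split a raw HTTP/1.1 request into its one method and its two parameter sources.
function parseRequest(raw) {
  const [head, body = ''] = raw.split('\r\n\r\n');
  const requestLine = head.split('\r\n')[0];
  const [method, target] = requestLine.split(' ');
  const q = target.indexOf('?');
  return {
    requestLine, // what an access log records: query string yes, body no
    method,      // exactly one token: GET, POST, PUT, ...
    path: q === -1 ? target : target.slice(0, q),
    query: Object.fromEntries(new URLSearchParams(q === -1 ? '' : target.slice(q + 1))),
    body: Object.fromEntries(new URLSearchParams(body)),
  };
}

// Hypothetical handler: writes require POST, the author comes from the
// server-side session, and any client-supplied "id" (query or body) is ignored.
function buildComment(req, session) {
  if (req.method !== 'POST') return { status: 405, error: 'writes require POST' };
  if (!session || !session.userId) return { status: 401, error: 'not logged in' };
  const itemId = Number.parseInt(req.body.itemid, 10);
  const text = (req.body.comment || '').trim();
  if (!Number.isInteger(itemId) || itemId <= 0 || text === '') {
    return { status: 400, error: 'itemid and comment are required' };
  }
  return { status: 201, comment: { userId: session.userId, itemId, text } };
}

const parsed = parseRequest(RAW_REQUEST);
console.log(parsed.method, parsed.query, parsed.body);
console.log(buildComment(parsed, { userId: 5 }));
```

The same variable name can arrive by both routes in one POST request, so the server has to decide which source it trusts for each field; here neither copy of `id` is used.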