9.3. Passing Form Data

Form data can be sent over HTTP using one of two methods: GET or POST. Each method passes the form data back to the specified form handler in name/value pairs (the name of the variable or form field and its value). Only the way the data is passed varies.

The HTTP GET method transfers data by attaching it to the URL passed to the form handler. You have probably noticed URLs that resemble the following:

http://www.example.com/forms.cgi?id=45677&character=Taarna

The data appears after the question mark and is in name/value pairs. For example, the variable named id has the value of 45677, and the variable character has the value of Taarna. In most cases, the variable name corresponds to field names from the form, but how they translate to values within the form handler is up to the handler itself.

Because the data is passed as plain text in the URL, GET is easy to implement: you can pass data by simply adding the appropriately encoded name/value pairs to the URL used to call the form handler. However, GET is also inherently insecure. You should never use GET to send confidential data to a handler, because the data is clearly visible in most user agents and can be easily sniffed by hackers.

The HTTP POST method passes data by encoding it in the body of the HTTP request rather than in the URL. As such, it is not normally visible to a user and is a more secure method to pass data, but it can be harder to implement. Thankfully, most Web technologies make passing data via POST trivial.
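To see where the name/value pairs end up under each method, the following added example (not code from the book) builds the raw request a user agent would send for the same form fields and compares the request line with what the handler recovers. The function names are hypothetical, and the field values are the ones from the sample URL above.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample input: the fields from the URL shown in the text.
FIELDS = {"id": "45677", "character": "Taarna"}
HANDLER = "http://www.example.com/forms.cgi"

def build_request(method, url, fields):
    """Return the raw HTTP/1.1 request text sent when the form is submitted."""
    parts = urlsplit(url)
    encoded = urlencode(fields)          # name=value pairs joined with '&'
    path = parts.path or "/"
    if method == "GET":
        # GET: the pairs become the query string of the request target.
        return (f"GET {path}?{encoded} HTTP/1.1\r\n"
                f"Host: {parts.netloc}\r\n\r\n")
    if method == "POST":
        # POST: the same pairs travel in the request body instead.
        return (f"POST {path} HTTP/1.1\r\n"
                f"Host: {parts.netloc}\r\n"
                "Content-Type: application/x-www-form-urlencoded\r\n"
                f"Content-Length: {len(encoded.encode('ascii'))}\r\n\r\n"
                f"{encoded}")
    raise ValueError(f"unsupported method: {method}")

def request_line(raw):
    """First line of the request; web server access logs typically record it."""
    return raw.split("\r\n", 1)[0]

def handler_fields(raw):
    """Recover the name/value pairs the way a form handler would."""
    head, _, body = raw.partition("\r\n\r\n")
    method, target, _ = request_line(head).split(" ", 2)
    source = urlsplit(target).query if method == "GET" else body
    return {name: values[0] for name, values in parse_qs(source).items()}

if __name__ == "__main__":
    for method in ("GET", "POST"):
        raw = build_request(method, HANDLER, FIELDS)
        print(f"{method}: request line -> {request_line(raw)}")
        print(f"{method}: handler sees -> {handler_fields(raw)}")
```

The handler receives identical fields either way; only the GET request line carries the values. Over plain HTTP both requests are unencrypted text on the wire, so POST keeps the values out of the URL but does not by itself protect them in transit.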

Note ...
