durusmail: quixote-users: Checking if a form value came from POST or GET
Checking if a form value came from POST or GET
2003-10-13
2003-10-13
2003-10-13
2003-10-14
2003-10-14
Building scgi - lots of errors
2003-10-16
2003-10-16
2003-10-17
2003-10-22
2003-10-22
2003-10-14
Checking if a form value came from POST or GET
Simon Willison
2003-10-13
Hi all,

There doesn't currently appear to be a way of checking if data submitted
to Quixote from a form was sent by POST or GET. Coming from PHP, I find
this ability useful for a number of reasons:

1. By differentiating between the two the same 'key' can be used twice.
For example, a form submiting to a page called 'forms?id=1' can itself
include an id attribute in the POST data without over-riding the id in
the URL

2. My rule of thumb is "only modify data on a POST" - that way there's
no chance of someone bookmarking a URL that updates a database (for
example).

3. It is useful to be able to detect if a form has been submitted or
not. In PHP, I frequently check for POSTed data and display a form if
none is available, assume the form has been submitted if there is.

4. Security. While ensuring data has come from POST rather than GET
provides no security against a serious intruder, it does discourage
amateurs from "hacking the URL" to see if they can cause any damage.
Security through obscurity admitedly, but it adds a bit of extra peace
of mind.

Are there any plans to add this capability in a future release of Quixote?

Thanks,

Simon Willison
http://simon.incutio.com/


reply