durusmail: quixote-users: Checking if a form value came from POST or GET
Checking if a form value came from POST or GET
2003-10-13
Simon Willison
2003-10-13
Neil Schemenauer
2003-10-13
Simon Willison
2003-10-13
amk@amk.ca
2003-10-14
Simon Willison
2003-10-14
Neil Schemenauer
2003-10-14
Anton Benard
Building scgi - lots of errors
2003-10-16
T. Egbert
2003-10-16
Michael Watkins
2003-10-17
Jon Dyte
2003-10-22
T. Egbert
2003-10-22
Neil Schemenauer
2003-10-22
T. Egbert
2003-10-14
Neil Schemenauer
2003-10-14
Martin Maney
Checking if a form value came from POST or GET
Anton Benard
2003-10-14
On Tue, Oct 14, 2003 at 11:03:16AM +0100, Simon Willison wrote:
> I've never seen anything to support the idea that query string
> information should be ignored if a form has been POSTed.

Well now you have.

> I would argue that doing so is a fundamentally bad idea as you are
> throwing away information that has been sent to the server from the
> client without any specification having told you to throw that
> information away. No other server side technology I have seen has
> discarded query string information sent with POST requests, so the
> defacto standard in the absence of clarification from a specification
> would be to keep it.

The query string is not thrown away, you can still get it using
request.get_environ("QUERY_STRING").

> """
> In particular, the convention has been established that the GET and HEAD
> methods SHOULD NOT have the significance of taking an action other than
> retrieval. These methods ought to be considered "safe"
> """

This doesn't say anything about what you should do with the query string
during a POST request.

> How can you follow such a convention if you have no way of telling
> whether form information came in via POST or via GET?

As Neil mentioned earlier, request.get_environ('REQUEST_METHOD').

 - Anton
reply