[pLog-svn] Re: AdminLoginAction

Reto Hugi plog at hugi.to
Wed Mar 22 12:52:11 GMT 2006


On Wed, March 22, 2006 13:20, Jon Daley said:
> On Tue, 21 Mar 2006, Jesse Peterson wrote:
>>> It doesn't matter, does it? There can't be both of them in the same
>>> request :-)
>>
>> Sure there can.  You can send an HTTP POST to a URL like:
>> http://example.com/example.php?myparam=value.  In raw PHP you grab the
>> URL param from $_GET and the POST param from $_POST.
>>
>> Unless I'm completely wrong - which wouldn't surprise me :).
>
>  	You (Jesse) are correct.  When I code stuff I put the POST in
> higher precedence above the GET, because POSTs are a little harder to
> hack.

I think Oscar's point is that it doesn't matter for LifeType in terms of
security and functionality if the vars are POSTed or GETed.
The application logic has to validate user input no matter where it's from.

Not making a difference between post and get on the application level may
as well be seen as a "feature". For example you may change the post action
in the search form of most of the templates to a get action and get a more
user-friendly and bookmarkable search result page...

reto
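
Added example, not part of the original thread or of the LifeType code base: a single POST that carries the same parameter in the URL and in the body, split the way PHP fills $_GET and $_POST, then validated on the value rather than on the method. The request, the helper names splitRequest() and requestInt(), and the integer rule for myparam are assumptions made for illustration.

```php
<?php
// Constructed sample request (not from the thread): one POST carrying
// "myparam" both in the URL query string and in the form body.
$rawRequest = "POST /example.php?myparam=7 HTTP/1.1\r\n"
    . "Host: example.com\r\n"
    . "Content-Type: application/x-www-form-urlencoded\r\n"
    . "\r\n"
    . "myparam=seven&other=x";

// Split the request into the two arrays PHP would expose as $_GET and $_POST.
function splitRequest(string $raw): array
{
    [$head, $body] = explode("\r\n\r\n", $raw, 2);
    $requestLine = strtok($head, "\r\n");
    [, $target] = explode(' ', $requestLine);
    parse_str((string) parse_url($target, PHP_URL_QUERY), $get);
    parse_str($body, $post);
    return [$get, $post];
}

// Hypothetical helper: merge both sources (POST wins on a name clash) and
// validate the value itself, so the check does not depend on its origin.
function requestInt(array $get, array $post, string $name): ?int
{
    $merged = $post + $get;   // array union keeps the left-hand (POST) entry
    if (!isset($merged[$name]) || !is_string($merged[$name])) {
        return null;          // missing, or an array such as myparam[]=1
    }
    $value = filter_var($merged[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

[$get, $post] = splitRequest($rawRequest);

// Both copies of the parameter are present in the same request.
var_dump($get['myparam'], $post['myparam']);

// The body value is not an integer and the query value is: the validator
// decides in both cases, whichever array the value was read from.
var_dump(requestInt($get, $post, 'myparam'));
var_dump(requestInt($get, [], 'myparam'));
```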


