is it safe to use GET requests for database tasks? i think it is, no body might tpye it in the adress bar right? my freind thinks we should use POST but i tell him POST is for liek 4chan and stuff not for something else
Name:
Anonymous2012-09-17 22:05
POST MY ANUS
Name:
Anonymous2012-09-17 22:23
Use GET for retrieving but always use POST if the database is updated.
And possibly a security hash of all the inputs, with a secret salt so that you can verify the request server-side came from someone with the secure salt? I dunno, fuck the web.
The verb GET is best used to only retrieve from some source and should not change anything. POST should be used if you want to add something or modify it. GET is suppose to be "safe" meaning it can make the same request and get the same result and not have any side effects. Anyways, you can use GET to do it, it up to you.
Name:
Anonymous2012-09-18 0:24
If you use GET to alter data then a web crawler could fuck up your site inadvertently. http://thedailywtf.com/Comments/WellIntentioned-Destruction.aspx 208.77.188.166 example.com - [25/Jan/2009:08:29:00 +0100]
"GET /theCMS/pageEditor.php?action=deletePage&pageId=93
HTTP/1.0" 302 11605 "-" "ia_archiver"
208.77.188.166 example.com - [25/Jan/2009:08:29:24 +0100]
"GET /theCMS/pageEditor.php?action=deletePage&pageId=94
HTTP/1.0" 302 11605 "-" "ia_archiver"
208.77.188.166 example.com - [25/Jan/2009:08:30:00 +0100]
"GET /theCMS/pageEditor.php?action=deletePage&pageId=95
HTTP/1.0" 302 11605 "-" "ia_archiver"
LOL!
The opposite (and less severe, but also irritating) problem is when a search page makes it impossible to boomark because it's generated from a POST request.
>>5,6
I am the 1000 of my GET.
HTML is my body, and DTD is my blood.
I have created over 999 POSTs.
Unaware of AJAX.
Nor aware of HTML5.
Withstood DDoS to create many 200 OKs.
Waiting for one's acknowledgement.
I have no regrets, this was the only path.
My whole life was Unlimited poll Works.