[Bug 12561] Add the @action in the <form> so that there is a way to submit to the same page from bugzilla@jessica.w3.org on 2011-11-25 (public-html-bugzilla@w3.org from November 2011)

From: <bugzilla@jessica.w3.org>
Date: Fri, 25 Nov 2011 14:16:39 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1RTwZz-0000yC-Rp@jessica.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=12561

--- Comment #36 from Luke Plant <L.Plant.98@cantab.net> 2011-11-25 14:16:38 UTC ---
(In reply to comment #33)

> You're not supposed to POST to a URL with query parameters anyway, 

Can you please provide a reference for this assertion?

> that doesn't make sense. 

This use can make perfect sense in many applications. I will give one that
doesn't use any PHP for the sake of generality.

Suppose you have a page that is showing some records. The records have a UI
that  has filters, and it uses GET forms (or links) and query parameters to
specify the filters, as you would expect.

The page also has a batch update feature that operates on the records shown on
the screen. The form is POST, as it should be, and the fields included are the
values to be updated, and only those. 

As it happens, Trac (bug software, http://trac.edgewall.org/) with the batch
modification plugin (http://trac-hacks.org/wiki/BatchModifyPlugin) does exactly
this for its ticket listing page. So also do some parts of the Django web
framework. There are no doubt countless other examples in real life.

In this example, every feature of the URL and HTTP is being used as intended -
query parameters used to specify a query, and POST parameters used to provide
data for updating. This is a completely natural way to do things, and the
alternative - putting the query in hidden fields in the form, as well as in the
URL, would be unnatural, and lead to confusion due to duplication. It is
entirely possible that the GET parameters and POST parameters may even contain
the same values:

  POST /records?foo=1&bar=2 HTTP/1.1

  foo=10

To me, it is difficult to imagine a more natural translation of the SQL "UPDATE
records SET foo=10 WHERE foo=1 AND bar=2" into HTTP.

More to the point, it is *not forbidden*. It certainly wasn't forbidden in
HTML4 or any HTTP spec I can find, and even if it was, browsers implement the
behaviour and applications depend on it.


> The query
> arguments are the form data in GET form submissions, the HTTP request body is
> the form data in POST form submissions.

That is true, but says nothing about whether URL query parameters are allowed
in POST requests.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Friday, 25 November 2011 14:16:42 UTC