Re: Query Parameters in POST method from Diwakar Shetty on 2002-11-21 (www-talk@w3.org from November to December 2002)

From: Diwakar Shetty <Diwakar.Shetty@oracle.com>
Date: Thu, 21 Nov 2002 10:56:42 +0530
To: www-talk@w3.org
Message-ID: <3DDC6E92.A05AC32F@oracle.com>

Thanks Ian

I went through RFC 2616

Indeed, there is no mention about restrictions on URI/URL so far as POST method is concerned.

The only thing suggested in the RFC is that
-----------------------------------------------------------------------
15.1.3 Encoding Sensitive Information in URI's
   Authors of services which use the HTTP protocol SHOULD NOT use GET
   based forms for the submission of sensitive data, because this will
   cause this data to be encoded in the Request-URI
-----------------------------------------------------------------------

Thanks
Diwakar


Ian Clelland wrote:

> On Wed, Nov 20, 2002 at 08:25:57PM +0530, Diwakar Shetty wrote:
> > In case the method in a URL is a POST method,
> > then is that the query parameters are ignored.
> >
> > e.g:
> > POST /www.google.com/search?hl=en&ie=UTF
> >
> > Will this result in the the query parameters "hl=en&ie=UTF" to be ignored as per HTTP standards ??
>
> Actually, the HTTP standard doesn't say anything about GET query
> parameters, or how they relate to POST entities. As far as HTTP is
> concerned, "/search?hl=en&ie=UTF" is the entire URL.
>
> In fact, HTTP doesn't even know anything about "parameters" as such. The
> standard for encoding form variables in "name=value&name2=value2" format
> is defined in the HTML specifications. All that HTTP sees is URLs and
> data attached to POST requests. It is up to the server to decide what to
> do with the URL it receives in the request, as well as with the attached
> POST entity.
>
> If a query parameter is specified both as part of the URL and in POST
> data, some applications (such as PHP) will only take one instance --
> which one depends on the server configuration. In other applications,
> such as a CGI, the program will have access to both parameters.
>
> So, while some people have already replied to your query with "no" or "I
> can read both", the answer is really 'it depends'. The HTTP standard
> doesn't say to ignore any data that comes in, but the data that you will
> have access to depends on the server-side applications you run.
>
> Hope this helps,
>
> Ian Clelland
> <ian@veryfresh.com>

Received on Thursday, 21 November 2002 00:26:45 UTC