Get has a limit of about 2k of content that can be sent thru... and there are things that are impossible to do with get, like sending files (which uses a "special" kind of post).
Get has also the problem that the form you sent will be present on the address box of the browser. Which will mean that if there are any kind of login/session info, it will get passed to the bookmark/link... (which can be a security problem or not depending on the way the forms are used).
Post has no memory limits and can handle sending of files to the web server. And won't get passed in the url/address bar.
It must be noted, that both of the methods allow for data to be tampered and looked upon... At the most parts are send thru in base64 (which is almost equal to say that it is in clear language).
To get some security in the forms/pages there is need for SSL/https
Cheers, Luis Ferro
Harpreet wrote:
Cristian,
You said by using the method in a form as Get in place of Post it allows me to use the back button without getting the error message: Warning: Page has Expired The page you requested was created using information you submitted in a form. This page is no longer available. As a security precaution, Internet Explorer does not automatically resubmit your information for you.
I changed the post to a GET and it seems to work just right. Do I loose anything by using a get in place of a POST. How r they both different. Please help.
Thanks
"Cristian MARIN" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
This is not an error, this is a security issue: Your form has passed the form variable thru 'post' method and when you are hitting back button or reloading with a JScript the history page you see the message because the IE do not re-submit automatically the form because is a security leak.
If you really don't want to see the message appearing you have to specify in the form the "<post method='get' action='... >" and this will automatically submit the form once again.
--
-------------------------------------------------
Cristian MARIN - Developer
InterAKT Online (www.interakt.ro)
Tel: +4021 312.53.12
Tel/Fax: +4021 312.51.91
[EMAIL PROTECTED]
"Harpreet" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
-- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
