Tommz

Reputation: 3453

Which method should be used?

I have a form on a website which is used to search objects in a database. The problem is that there are many attributes that users can search with, so I'm not sure whether I should use the POST method to pass values to the other script or whether I should rather put all variables in the URL and make the other script independent and accessible with only a link.

For example, if I used the GET method, the URL would look like:

/.../searching_objects.php?a[priority][gym]=0&a[priority][clubs]=1&a[priority][shop]=1&a[priority][restaurants]=1&a[priority][pubs]=0&a[priority][pets]=1&a[priority][parking]=0&a[persons]=1&a[lat]=nondef&a[lng]=nondef&a[radius]=500&a[college]=0

But if I used the POST method, my URL would look like /.../searching_objects.php, or maybe with a few variables going through the URL, for switching pages. This method would obviously be dependent on the previous script.

Which method is better for this problem? Which one is more user-friendly (is being user-friendly a priority at all in these situations)? Are there any security reasons to prefer one method over the other?

Upvotes: 0

Views: 80

Answers (2)

Shoe

Reputation: 76240

You should go with GET because POST is meant to post / create things from a form (like an article). A search box is usually considered to be just a tool to forge the correct GET URL. Also, people usually want to save specific searches just by copying and pasting a URL (just look at how Google managed it).

None of them is really user-friendly. And you just shouldn't care about it. Search URLs are never really user-friendly.

If you secure all the inputs (like you always should) you shouldn't worry about security. Particularly in the search context there aren't that many security checks going on; you just have to fetch data from the database and print it. Just remember SQL injections (and XSS on the printing side) and you should be fine.

Upvotes: 1
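An added example (not part of the answer above, and not the asker's code) of handling the `a[...]` GET parameters from the question with the two precautions the answer names: bound parameters against SQL injection and escaping on output against XSS. The `objects` table, its `has_*` and `persons` columns, the numeric limits and the defaults are assumptions made for illustration.

```php
<?php
// Added example. Table/column names, limits and defaults are assumptions, not from the question.
const PRIORITY_KEYS = ['gym', 'clubs', 'shop', 'restaurants', 'pubs', 'pets', 'parking'];
function int_in_range($v, int $min, int $max, int $default): int
{
    $opts = ['options' => ['min_range' => $min, 'max_range' => $max]];
    $n = filter_var($v, FILTER_VALIDATE_INT, $opts);   // arrays and non-numbers give false
    return ($n === false) ? $default : $n;
}

// Validate the a[...] array from the query string; unknown keys are never read.
function parse_search(array $get): array
{
    $a = (isset($get['a']) && is_array($get['a'])) ? $get['a'] : [];
    $prio = (isset($a['priority']) && is_array($a['priority'])) ? $a['priority'] : [];
    $out = ['priority' => []];
    foreach (PRIORITY_KEYS as $k) {
        $out['priority'][$k] = (($prio[$k] ?? '0') === '1') ? 1 : 0;
    }
    $out['persons'] = int_in_range($a['persons'] ?? null, 1, 20, 1);
    $out['radius'] = int_in_range($a['radius'] ?? null, 1, 50000, 500);
    foreach (['lat' => 90.0, 'lng' => 180.0] as $k => $max) {
        $v = filter_var($a[$k] ?? null, FILTER_VALIDATE_FLOAT); // "nondef" fails validation
        $out[$k] = ($v !== false && abs($v) <= $max) ? $v : null;
    }
    return $out;
}

// Column names come from PRIORITY_KEYS only; every value is a bound parameter.
function find_objects(PDO $db, array $s): array
{
    $where = ['persons >= :persons'];
    foreach ($s['priority'] as $col => $on) {
        if ($on) { $where[] = "has_$col = 1"; }
    }
    $stmt = $db->prepare('SELECT name FROM objects WHERE ' . implode(' AND ', $where));
    $stmt->execute([':persons' => $s['persons']]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo data and request; needs the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$cols = implode(', ', array_map(fn($k) => "has_$k INT DEFAULT 0", PRIORITY_KEYS));
$db->exec("CREATE TABLE objects (name TEXT, persons INT, $cols)");
$db->exec("INSERT INTO objects (name, persons, has_shop, has_pets) VALUES ('Flat <b>A</b>', 2, 1, 1)");
parse_str('a[priority][shop]=1&a[priority][pets]=1&a[persons]=1&a[lat]=nondef&a[radius]=500', $get);
foreach (find_objects($db, parse_search($get)) as $name) {
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n"; // escape on output against XSS
}
```

The query here filters only on the priority flags and `persons`; `lat`, `lng` and `radius` are validated the same way and would be bound as parameters in a distance filter.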

Madara's Ghost

Reputation: 174957

First and foremost, go with GET. You're GETting data, not POSTing it. POST should be used for actions that change something on the server.

As for the long URL issue, there are some things you can do:

  • Separate your search pages - Provide different search pages for different search types.
  • Use URL rewriting - Make use of .htaccess and ModRewrite to change a very long URL to a shorter, prettier one.

Also, you may want to reconsider how to lay out your search items (not in terms of visuals, but in terms of data management). Consider posting a different question, explaining how you lay out your current search inputs, and how it could be improved.

Upvotes: 1
