Is it a bad practice to mix GET and POST? (note this is in PHP)

e.g.

<form action="delete.php?l=en&r=homepage" method="post">
 <!-- post fields here -->
</form>
+7  A: 

Actually, this will send a POST request to the server, so technically you aren't mixing the two together: you are using POST with URL parameters. There is nothing fundamentally wrong with this, as long as you don't use your URL for parameters that should be in the form as hidden fields.

There are simple rules: you use GET (possibly with URL parameters) for constant things that do not change the server, and POST for things that modify the server. If your URL parameters contained the ID of something you wanted to delete, then it would be bad practice.

Laurent Bourgault-Roy
+1 Nice and concise.
jensgram
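
The rule from the answer above, as an added example that is not part of the original thread: a handler for the question's `delete.php` that takes constant context (`l`, `r`) from the query string and the target of the deletion from the POST body only. The function name `handle_delete`, the `id` field and the two allow-lists are assumptions made for illustration.

```php
<?php
// Added example; handle_delete(), the 'id' field and both allow-lists
// are hypothetical and not taken from the original posts.

const LANGUAGES    = ['en', 'fr', 'de'];        // constructed allow-list
const RETURN_PAGES = ['homepage', 'profile'];   // constructed allow-list

function handle_delete(string $method, array $query, array $post): array
{
    // Deleting changes server state, so anything that is not a POST is refused.
    if ($method !== 'POST') {
        return ['status' => 405, 'error' => 'POST required'];
    }

    // Constant, non-destructive context comes from the query string, so the
    // same lookup works for GET pages and POST handlers alike.
    $lang = in_array($query['l'] ?? '', LANGUAGES, true) ? $query['l'] : 'en';
    $back = in_array($query['r'] ?? '', RETURN_PAGES, true) ? $query['r'] : 'homepage';

    // The thing to delete is read from the POST body only. $_REQUEST is
    // deliberately not used: it merges both sources and would let an id
    // in the URL stand in for the form field.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return ['status' => 400, 'error' => 'missing or invalid id'];
    }

    // The caller deletes record $id and then redirects to $back.
    return ['status' => 303, 'deleted' => $id, 'lang' => $lang, 'redirect' => $back];
}

// Constructed requests: a normal form post, a POST with the id only in the
// URL, and a GET carrying the id in the URL.
var_dump(handle_delete('POST', ['l' => 'en', 'r' => 'homepage'], ['id' => '42']));
var_dump(handle_delete('POST', ['l' => 'en', 'id' => '42'], []));
var_dump(handle_delete('GET',  ['l' => 'en', 'id' => '42'], []));
```

In a real page the call would be `handle_delete($_SERVER['REQUEST_METHOD'], $_GET, $_POST)`.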
+1  A: 

It's still a POST, you're just including a query string in the URL. I don't see a problem with this. This is probably cleaner than including those variables in the post data by using hidden input fields. Plus, on the server, you probably don't want the value of l (language?) with your post data. If it's always in the query string, you can use the same code you use elsewhere to determine the language, rather than having a special case for POST requests.

Joel
That's just an example =)
thephpdeveloper
+1  A: 

Nope, this is fine. I do exactly this on my company's web site, for example on the user admin page. The normal URL is:

/admin/user?name=jkugelman

Then to delete a user I post to this same page but I POST a variable instead of doing a GET as obviously deleting is a stateful action and should be done with a POST. It looks something like this:

<!-- Post back to self -->
<form action="/admin/user?name=jkugelman" method="post">
    <input type="submit" name="delete" value="Delete"
           onclick="return confirm('Are you sure?')" />
</form>
John Kugelman
Well, ideally delete would be done with a `DELETE` action, if only HTML would let you.
Kieron
I think this is quite a bad implementation if you ask me. I'll put the username in a hidden field.
thephpdeveloper