tags:

views:

78

answers:

1
Q: 

Web Proxy (PHP & curl), AJAX and Multidimensional associative $_POST Array or $_SERVER['QUERY_STRING']?

I've got an html form that submits via AJAX (jquery Form Plugin) to a PHP Web Proxy on my server. The web proxy uses curl to POST to a third party script.

My html form has inputs with names like p[fname], p[lname], c[name], p[loc], p[loc][email], p[loc][email][detail]. The names are specified by the third party application.

When I use GET to submit the form to the web proxy, I can simply do the following to transmit the form data successfully to the third party script inside a curl request:

$postvars = $_SERVER['QUERY_STRING'];
curl_setopt ($session, CURLOPT_POSTFIELDS, $postvars);

Question #1: Is there anything 'wrong' with using GET to submit the form data to my web proxy? As I mentioned, it works fine, and requires less coding. $_SERVER['QUERY_STRING'] has exactly the data I need to pass to the third party via POST, in exactly the correct format.

Question #2: If there is a compelling reason to use POST to submit to my web proxy, what's the best way to loop through the multidimensional associative array in $_POST in order to build $postvars dynamically, without having to hard code any key values?

Note: The html form is not mission-critical and the data submitted by it goes into an approval cue in the third party service. It's not inserted directly into the production data.

A: 

As the names already say, GET should be used if you only want to get data without changing data on the server side.
Same way, POST should be used if the request changes data on the server side.

So you should select the method depending on what your request does. Also note that URLs are of limited length so you cannot put e.g. an arbitrary amount of text into a GET parameter.

And after reading your question completely (:-D) it seems that your request changes (in this case adds) data which means using POST is the more correct way. But as you only send it via GET to your proxy and then via POST to the other app, as long as it works, it is fine.
It only depends on what type of data you send.

Felix Kling  2010-01-08 11:44:40
Thanks! I'm familiar with general rules for when GET and POST should be used. Since the GET->POST works here, and requires less coding, I'm trying to get some opinions on:1. Whether it's OK to break this rule in cases such as this one.2. Whether there are any really compelling reasons (e.g. security) that I should stick to POST rather than GET in this situation.
Tex  2010-01-08 13:59:10
As I said in your case it probably depends only the type of data you send (length of URL). Regarding security: POST is not securer than GET. If you intercept a HTTP request you can read every data no matter wether it is POST or GET. You can also tamper POST data, there are plugins for Firefox for it. So there is no big difference.
Felix Kling  2010-01-08 14:18:04

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases