Hidden post input, or get variable?
Let's say you're making a blog application, and you're trying to decide how to build the comment form for a particular post. Would you
- put the
blog_post_id
as a hidden form field in the comment form, or would you - set the form action to
post_comment?blog_post_id=<id>
and then grab it from theGET
variable instead?
Why?
My 2 cents:
If you put it into POST, then all your variables are in a consistent location when you're trying to process the form. However, I find that often the blog_post_id
will be in the URL anyway, so you're sending a tiny开发者_运维百科 bit of extra unneeded data (and have to go through the work of printing the hidden field).
Technically there really isn't a whole lot of difference between the two options. Personally, I'd go with the hidden POST
because the URL looks cleaner and you won't have to worry about URL escaping the value*
.
*
That should be a non-issue for a numeric id, but oh well...
Re Edit:
However, I find that often the
blog_post_id
will be in the URL anyway...
This is totally up to you. If you want it there, you can put it there, but you don't need to.
...and have to go through the work of printing the hidden field.
Again, there really isn't a whole lot of difference...
<form action="/post_comment?post_id=<?php echo $id; ?>">
vs.
<form action="/post_comment">
<input type="hidden" name="post_id" value="<?php echo $id; ?>" />
The hidden input provides a better separation of concerns (on a micro-scale) and is IMHO slightly more readable, while the GET
variable is one line less code... Take your pick. :)
I will select the first option which seems to be better. If you use second options, the one with the GET, i am allowing users to tamper with my comment form which is bad and sometimes can create security issues if you do not pay attention to that.
精彩评论