Hidden post input, or get variable?_问答_开发者

开发者 https://www.devze.com 2022-12-20 17:11 出处：网络

Let\'s say you\'re making a blog application, and you\'re trying to decide how to build the comment form for a particular post. Would you

Let's say you're making a blog application, and you're trying to decide how to build the comment form for a particular post. Would you

put the blog_post_id as a hidden form field in the comment form, or would you
set the form action to post_comment?blog_post_id=<id> and then grab it from the GET variable instead?

Why?

My 2 cents:

If you put it into POST, then all your variables are in a consistent location when you're trying to process the form. However, I find that often the blog_post_id will be in the URL anyway, so you're sending a tiny开发者_运维百科 bit of extra unneeded data (and have to go through the work of printing the hidden field).

Technically there really isn't a whole lot of difference between the two options. Personally, I'd go with the hidden POST because the URL looks cleaner and you won't have to worry about URL escaping the value*.

* That should be a non-issue for a numeric id, but oh well...

Re Edit:

However, I find that often the blog_post_id will be in the URL anyway...

This is totally up to you. If you want it there, you can put it there, but you don't need to.

...and have to go through the work of printing the hidden field.

Again, there really isn't a whole lot of difference...

<form action="/post_comment?post_id=<?php echo $id; ?>">

vs.

<form action="/post_comment">
<input type="hidden" name="post_id" value="<?php echo $id; ?>" />

The hidden input provides a better separation of concerns (on a micro-scale) and is IMHO slightly more readable, while the GET variable is one line less code... Take your pick. :)

I will select the first option which seems to be better. If you use second options, the one with the GET, i am allowing users to tamper with my comment form which is bad and sometimes can create security issues if you do not pay attention to that.