Edit: It's been a few years since I originally posted this answer, and even though I got a few upvotes, I'm not really happy with my previous answer, so I have redone it completely.
(编辑:距离我最初发布此答案已经好几年了,尽管我获得了一些支持,但是我对之前的答案并不满意,因此我已经完全重做了。)
I hope this helps.(我希望这有帮助。)
When to use GET and POST :(何时使用GET和POST :)
One way to get rid of this error message is to make your form use GET instead of POST .
(消除此错误消息的一种方法是使您的表单使用GET而不是POST 。)
Just keep in mind that this is not always an appropriate solution (read below).(请记住,这并不总是合适的解决方案 (请参阅下文)。)
Always use POST if you are performing an action that you don't want to be repeated, if sensitive information is being transferred or if your form contains either a file upload or the length of all data sent is longer than ~2000 characters .
(如果您要执行的操作不想重复执行,或者正在传输敏感信息,或者您的表单包含文件上传或者发送的所有数据的长度都超过?2000个字符 ,请始终使用POST 。)
Examples of when to use POST would include:
(何时使用POST示例包括:)
In any of these cases, you don't want people refreshing the page and re-sending the data.
(在任何情况下,您都不希望人们刷新页面并重新发送数据。)
If you are sending sensitive information, using GET would not only be inappropriate, it would be a security issue ( even if the form is sent by AJAX ) since the sensitive item (eg user's password) is sent in the URL and will therefore show up in server access logs.(如果您要发送敏感信息,则使用GET不仅不恰当,而且还存在安全问题( 即使表单是由AJAX发送的 ),因为敏感项(例如用户的密码)是通过URL发送的,因此会显示出来在服务器访问日志中。)
Use GET for basically anything else.
(基本上将GET用于其他任何事情。)
This means, when you don't mind if it is repeated, for anything that you could provide a direct link to, when no sensitive information is being transferred, when you are pretty sure your URL lengths are not going to get out of control and when your forms don't have any file uploads.(这意味着,当您不介意重复时,对于可以提供直接链接的任何内容,当不传输敏感信息时,当您确定URL长度不会失控时,以及当您的表单没有任何文件上传时。)
Examples would include:
(示例包括:)
In these cases POST would be completely inappropriate.
(在这些情况下,POST将是完全不合适的。)
Imagine if search engines used POST for their searches.(想象一下搜索引擎是否使用POST进行搜索。)
You would receive this message every time you refreshed the page and you wouldn't be able to just copy and paste the results URL to people, they would have to manually fill out the form themselves.(每次刷新页面时,您都会收到此消息,而您不能仅将结果URL复制并粘贴给用户,他们必须自己手动填写表格。)
If you use POST :(如果您使用POST :)
To me, in most cases even having the "Confirm form resubmission" dialog pop up shows that there is a design flaw.
(对我来说,在大多数情况下,即使弹出“确认表单重新提交”对话框,也表明存在设计缺陷。)
By the very nature of POST being used to perform destructive actions, web designers should prevent users from ever performing them more than once by accidentally (or intentionally) refreshing the page.(通过使用POST来执行破坏性操作的本质,Web设计人员应通过意外(或有意)刷新页面来防止用户多次执行这些操作。)
Many users do not even know what this dialog means and will therefore just click on "Continue".(许多用户甚至不知道此对话框的含义,因此只需单击“继续”。)
What if that was after a "submit payment" request?(如果那是在“提交付款”请求之后怎么办?)
Does the payment get sent again?(是否会再次发送付款?)
So what do you do?
(所以你会怎么做?)
Fortunately we have the Post/Redirect/Get design pattern.(幸运的是,我们有Post / Redirect / Get设计模式。)
The user submits a POST request to the server, the server redirects the user's browser to another page and that page is then retrieved using GET.(用户向服务器提交POST请求,服务器将用户的浏览器重定向到另一个页面,然后使用GET检索该页面。)
Here is a simple example using PHP:
(这是一个使用PHP的简单示例:)
if(!empty($_POST['username'] && !empty($_POST['password'])) {
$user = new User;
$user->login($_POST['username'], $_POST['password']);
if ($user->isLoggedIn()) {
header("Location: /admin/welcome.php");
exit;
}
else {
header("Location: /login.php?invalid_login");
}
}
Notice how in this example even when the password is incorrect , I am still redirecting back to the login form.
(请注意,即使密码不正确 ,在此示例中,我仍将重定向回登录表单。)
To display an invalid login message to the user, just do something like:(要向用户显示无效的登录消息,只需执行以下操作:)
if (isset($_GET['invalid_login'])) {
echo "Your username and password combination is invalid";
}
