Preventing GET and POST from getting mixed-up

xaphod has asked for the wisdom of the Perl Monks concerning the following question:

I'm writing a mod_perl handler. Nothing exciting, just learning the art and having fun. Only I've hit a little snag-ette...

I have a form like this:

  <form action="" method="post">
  <input type="hidden" name="form" value="login">
  name <input type="text" name="name">
  password <input type="text" name="pass">
  </form>
[download]

I can get the results of this form easilly using Apache::Request.

    print "\nParameters:\n";
    my $apr = Apache::Request->new($r);
    my @params = $apr->param;
    if (@params) {
        for my $param (@params) {
            print "    $param: ", $apr->param($param), "\n";
        }
    } else {
        print "NO PARAMETERS\n";
    }
[download]

Which gives me:

  Parameters:
    form: login
    name: username
    pass: password
[download]

Which is fine. However, if the URL this is posted to has a GET query string such as http://www.mine.org/handler?name=foo then I get this:

  Parameters:
    name: foousername  ## ---- an array
    form: login
    pass: password
[download]

So, obviously, Apache::Request does not differentiate between GET and POST data. However, I'd like to keep the two seperate. So my question to my fellow monks.... What would be the best way to stop my GET data and my POST data getting mixed up?

I can think of a couple of ways to do it. But I'd like to find a simple, efficient, and elegant solution.

--
TTFN, FNORD

xaphod

Comment on Preventing GET and POST from getting mixed-up Select or Download Code

Replies are listed 'Best First'.
Re: Preventing GET and POST from getting mixed-up by liz (Monsignor) on Aug 19, 2003 at 08:20 UTC
Some people might consider that a feature. But if you don't, and assuming you're using mod_perl 1.*, you might want to have a look at the "args" method. If that returns anything, you will have had parameters specified in the query string. And you could remove those arguments from what Apache::Request is returning to you. Hope this helps. Liz	[reply]
Re: Re: Preventing GET and POST from getting mixed-up by esh (Pilgrim) on Aug 19, 2003 at 08:34 UTC
What if the same parameter names are specified both in the GET parameters and the POST parameters? Do you need to differentiate between these and know which values were passed in which place? -- Eric Hammond	[reply]
Re: Re: Re: Preventing GET and POST from getting mixed-up by liz (Monsignor) on Aug 19, 2003 at 08:41 UTC
I'm afraid so. I'd appreciate it if someone would know a better way, as I will soon have to deal with this myself as well. Liz	[reply]
Re: Re: Re: Re: Preventing GET and POST from getting mixed-up by xaphod (Monk) on Aug 21, 2003 at 09:31 UTC
Re: Re: Re: Preventing GET and POST from getting mixed-up by xaphod (Monk) on Aug 19, 2003 at 08:39 UTC
Do you need to differentiate between these and know which values were passed in which place? Ideally, yes. -- TTFN, FNORD xaphod	[reply]
Re: Preventing GET and POST from getting mixed-up by Juerd (Abbot) on Aug 19, 2003 at 08:36 UTC
Combining GET and POST stuff is a feature, but I don't like the feature. So for PLP, I did something different. I wanted hashes. There is string => value data, and hashes are the most Perlish interface. Their elements interpolate much easier than method calls. I have `%get` for the query string stuff and `%post` for the POST stuff. `%post` is not built until you need it. Should anyone like to have these combined into one, then they can use `%fields`. `$get{'foo'}` is always one item. If there were multiple foos, they're in the arrayref `$get{'@foo'}`. I hate being surprised by nullbytes or array references :) Have a look at PLP::Fields. Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }	[reply]
Re: Preventing GET and POST from getting mixed-up by derby (Abbot) on Aug 19, 2003 at 17:13 UTC
The way I've tackled this before is to retrieve the GET args and then retrieve any POST params. You then have two query strings that you would have to manually parse. `# First get any GET params my $qgs = $r->args; # If we also have POST params if( $r->method_number == M_POST ) { $qps = $r->content; }` [download] There's plenty of code around (CGI) that can show you how to correctly split the query strings (taking into account the two param separators and multiple params). -derby	[reply] [d/l]
Re: Preventing GET and POST from getting mixed-up by cfreak (Chaplain) on Aug 19, 2003 at 13:19 UTC
Disclaimer: this is all IMHO :) Really, I think the most correct way is to not mix GET and POST methods. If you need to pass parameters to your script along with your form then pass them as hidden fields with your POST and if you're using GET, just use URLs. That way you can use the `$ENV{REQUEST_METHOD}` to know how your user accessed the script, and still do whatever you need to with the named parameters. Really, what difference does it make how they were passed to the script? Again IMHO Lobster Aliens Are attacking the world!	[reply] [d/l]
Re: Re: Preventing GET and POST from getting mixed-up by xaphod (Monk) on Aug 19, 2003 at 14:48 UTC
Disclaimer: this is all IMHO :) Well, your opinion is perfectly valid, and in that past that's how I've done things (eventually I may giveup on this particular intellectual challenge and just do it as you suggest). But, if possible, I'd like to avoid the need to specify an action in my forms, having my form POSTed to the current URL, which may (or may not) include GET vars. -- TTFN, FNORD xaphod	[reply]