As we saw in Chapter 7, “Interacting with the Server: Forms,” the POST method is similar to the GET method but differs in that it is typically used for sending data for processing to the server. Thus, it also contains additional headers with information about the format in which the data is presented, the size of this data, and a message body containing it. It is typically used to send the results from forms to the web server.
Host: www.myhostnamehooray.com
User-Agent: WoobaBrowser/3.4 (Windows)
Content-Type: application/x-www-form-urlencoded
Content-Length: 64
The Content-Type of this request tells us how the parameters are put together in the message body. The application/x-www-form-urlencoded type means that the parameters have the same format for adding parameters to a GET request as we saw in Chapter 7 with the format
Thus, the POST request can be sent as a GET:
+Some+Lane&city=Somewhere&state=WA HTTP/1.1
Host: www.myhostnamehooray.com
User-Agent: WoobaBrowser/3.4 (Windows)
[this is a blank line]
Many people assume that since they cannot easily see the values of the form data in POST requests that are sent to the server, they must be safe from prying eyes. However, as we have just seen, the only difference is where they are placed in the plain-text HTTP request. Anybody with a packet-sniffer who is looking at the traffic between the client and the server is just as able to see the POST data as a GET URI. Thus, it would certainly be risky to send passwords, credit card numbers, and other information unchanged in a regular HTTP request or response.
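The point above, shown as an added example that is not part of the original chapter: a short Python parser that recovers the form fields from the raw bytes of a GET and of a POST, which is all a reader of the unencrypted traffic needs to do. Both sample requests are constructed for illustration; the path /form.php and the password and address values are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

FORM_TYPE = "application/x-www-form-urlencoded"


def visible_form_fields(raw: bytes) -> dict:
    """Return the form fields readable in one plain-text HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")  # blank line ends the headers
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # GET: the parameters ride in the request line, after the '?'.
    encoded = urlsplit(target).query
    # POST: the same encoding, carried in the message body instead.
    if method == "POST":
        ctype = headers.get("content-type", "").split(";")[0].strip().lower()
        if ctype != FORM_TYPE:
            return {}  # not a URL-encoded form body
        length = int(headers.get("content-length", "0"))
        encoded = body[:length].decode("ascii", errors="replace")
    fields = parse_qs(encoded, keep_blank_values=True)
    return {key: values[0] for key, values in fields.items()}


def build_samples():
    """Constructed sample traffic: one form submission sent both ways."""
    params = "password=s3cret&address=123+Some+Lane&city=Somewhere&state=WA"
    common = ("Host: www.myhostnamehooray.com\r\n"
              "User-Agent: WoobaBrowser/3.4 (Windows)\r\n")
    get = f"GET /form.php?{params} HTTP/1.1\r\n{common}\r\n"
    post = (f"POST /form.php HTTP/1.1\r\n{common}"
            f"Content-Type: {FORM_TYPE}\r\n"
            f"Content-Length: {len(params)}\r\n\r\n{params}")
    return get.encode("ascii"), post.encode("ascii")


if __name__ == "__main__":
    for request in build_samples():
        print(visible_form_fields(request))
```

Both requests yield the same dictionary, password included, so moving a form from GET to POST changes nothing for someone who can read the connection.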
It can be difficult to understand the simple text nature of Internet protocols such as HTTP, but fortunately there is a tool that ships with most modern operating systems that lets us see this more clearly and even view the responses from the server—telnet. It is quite easy to use. On the command line, you specify the host to which you would like to connect and the port number on that host to use. You can specify the numeric value for the port (80) or the name commonly assigned to the port (http). In the absence of a port number, a port number for an interactive Telnet login session is assumed. (This is not supported by all hosts.)
On Windows, you can type from the command line or Start/Run dialog box:
On Unix and Mac OS X systems, you can enter
Most systems wait after showing something similar to the following:
You can now type a simple HTTP request to see what happens. For example, to see the headers that would be returned for asking to see the home page for a server, you can enter the following (changing Host: to the correct host name for your server):
After entering a blank line to indicate that you are done with the headers, you will see something similar to the following:
To fetch a page, you can change the request to
After entering the blank line, you will receive all of the HTML that the page would return (or an error if there is no page).
Telnet is an extremely simple yet handy utility we can use at various points to help us debug our web applications.
The application/x-www-form-urlencoded Content-Type shown in the previous section is an example of what are called Multipurpose Internet Mail Extensions (MIME). This is a specification that came about from the need to have Internet mail protocols support more than plain ASCII (US English) text. As it was recognized that these types would be useful beyond simple email, the number of types has grown, as has the number of places in which each is used—including our HTTP headers.
MIME types are divided into two parts—the media type and its subtype—and are separated by a forward slash character:
text
image
audio
video
Subtypes vary greatly for various media types, and you will frequently see some of the following combinations:
text/plain
text/html
image/jpeg
image/gif
application/x-www-form-urlencoded
Some MIME types include additional attributes after the type to specify things, such as the character set they are using or the method via which they were encoded:
We will not often need MIME types throughout this book, but when we do, the values will mostly be the preceding application/x-www-form-urlencoded, text/html, and image/jpeg types.
As people came to understand the risks associated with transmitting plain text over the Internet, they started to look at ways to encrypt this data. The solution most widely used today across the WWW is Secure Sockets Layer (SSL) encryption. SSL is largely a transport level protocol. It is strictly a way to encode the TCP/IP traffic between two computers and does not affect the plain text HTTP traffic that is sent across the secure transaction.
Created: March 27, 2003
Revised: September 26, 2005
URL: http://webreference.com/programing/php_mysql/1