php - AJAX - Using POST instead of GET - Stack Overflow

admin管理员组

文章数量:1278985

Up until now I have been using:

xmlhttp.open("GET","server_script.php?q="+str,true);

Thanks

Edit: I am providing a solution for anyone that may e across this page to demonstrate how to use POST instead of GET. If you are new to AJAX I would remend this tutorial .asp using the GET method first.

Solution-

javascript:

xmlhttp.open("POST","script.php",true);
xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlhttp.send('var_name='+str);

php:

$var_name = GET['var_name'];

echo $var_name;

For reasons regarding the use of POST and GET - see ments blow.

Up until now I have been using:

xmlhttp.open("GET","server_script.php?q="+str,true);

Thanks

Edit: I am providing a solution for anyone that may e across this page to demonstrate how to use POST instead of GET. If you are new to AJAX I would remend this tutorial http://www.w3schools./PHP/php_ajax_php.asp using the GET method first.

Solution-

javascript:

xmlhttp.open("POST","script.php",true);
xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlhttp.send('var_name='+str);

php:

$var_name = GET['var_name'];

echo $var_name;

For reasons regarding the use of POST and GET - see ments blow.

• php
• javascript
• html
• ajax

Share Improve this question Follow edited Apr 13, 2011 at 13:28 Sheldon asked Apr 12, 2011 at 16:48 SheldonSheldon 10.1k2222 gold badges6262 silver badges100100 bronze badges 2

• 1 POST is not more "secure" than GET (apart from not leaving a trace in the history maybe). – Felix Kling Commented Apr 12, 2011 at 16:52
• 2 POST should be preferred for queries which change some state on the server. If you are doing a read-only query (as q= indicates), then GET is perfectly fine. (The surmised security woes concern CSRF, for which using POST only helps little.) – mario Commented Apr 12, 2011 at 16:54

Add a ment  | 

2 Answers 2

Sorted by: Reset to default 7

this is how you would use post:

var url = "server_script.php";
var params = "q="+str;
xmlhttp.open("POST", url, true);

//Send the proper header information along with the request
xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlhttp.setRequestHeader("Content-length", params.length);
xmlhttp.setRequestHeader("Connection", "close");

xmlhttp.onreadystatechange = function() {//Call a function when the state changes.
    if(xmlhttp.readyState == 4 && xmlhttp.status == 200) {
        alert(xmlhttp.responseText);
    }
}
xmlhttp.send(params);

source

The query you show is probably perfectly fine as a GET request. No need to change it.

There are reasons to use one over the other: Requests that change state on server side (i.e. change data) should generally use POST; "read" requests should be GET.

This es with an implicit security advantage because you can't do any damage by smuggling an URL into a user's page (like, showing an image whose URL points to an admin page named deleteall.php).

If your request just retrieves data, you're perfectly fine staying with GET.

See this question for an extensive discussion on when to use which. GET vs POST in AJAX?

本文标签： phpAJAXUsing POST instead of GETStack Overflow