I'm creating a filter page, but this page will have many fields for the user to fill, select, and this will search the mysql database and return the data to the user on another page.
One of the doubts that I have, that being many fields, with fields of type select, input's [text, option, checkbox], is if I send the data by get or is in this case step by post?
It's best to use POST for this type of action, especially if you have some textarea field where content can be very large and can extrapolate the url limit (although it does not have an established limit, servers are usually limited, and it is advisable to use URL's less than 2000 characters.
Summarizing I think more secure post.
The GET method
GET, one of the HTTP methods, is fired through an HTML form via the method = get directive included in the tag. By using this method, the data contained in the form is first transmitted to the server software and the server software temporarily stores the data in a context variable called QUERY_STRING.
A CGI script, called through the action = directive included in the initial form tag, needs to extract the data from this context variable in order to get the data sent to it (see also context variables). Using Perl, for example, you can extract this data with $ data_form = $ ENV {'QUERY_STRING'};.
When an HTML form uses the GET method, the data stream is separated from the URL address that calls the CGI through a question mark (?). This form of addressing and separation can be observed in the address field of the user's browser, right after the form has been sent. You'll see something like:
link The POST method
POST, also an HTTP method, is fired through an HTML form via the method = post directive included in the tag.
This method causes the form data to be directly passed to the address that is in the action = directive. A CGI script, called by action =, needs to extract the data through the standard input (standard input) in order to obtain the data transmitted by the form. You can, for example, use Perl and indicate read (STDIN, $ Data, $ ENV {'CONTENT_LENGTH'}).
Note that the program needs to get the value of the CONTENT_LENGTH context variable to know how many characters need to be read through the standard input. This is necessary because there is no separator character in the data stream.
The importance of knowing the method
If you want to make use of a ready CGI script, you need to know by which of the two methods the script expects to receive data. This is usually documented by the script's author. Some smarter scripts test both methods - in this case, no matter what data transfer method you use on the form - both will work.
If you are going to write your own scripts, be sure to determine the method that should be used on the form. Or program smart: Leave the script ready for both methods.
Data Flow in Forms Data Transmission
A typical HTML form is composed of nominated fields (for example for name, address, and comment). In the transmission of the completed form to the web server / CGI program, the data must be transmitted in such a way that the CGI script is able to identify form fields and their values. This is why there is a specific encoding method that separates form fields from their respective values. This encoding method is based on the following rules:
. Each of the form elements, including their values, are separated from each other by the & ("and" commercial or ampersand); . The name and value (data) of a form element are separated by = (equal sign); . Blank spaces in the data (eg multiple words) are replaced by + (plus sign); . All extended ASCII characters, with values from 128 to 255 (hexadecimal 80 to FF), are replaced by a set consisting of the% (percent) sign followed by the hexadecimal value of the character (eg our ç (c cedilha) is replaced by% E7); . All characters used in these rules as delimiters (that is, & amp ;, +, =, and%) are also converted to hexadecimal following the same rule for extended ASCII characters.
