Not getting all keys in FieldStorage (Multipart form data)
Alan Kennedy
alanmk at hotmail.com
Wed Jun 4 09:38:05 EDT 2003
More information about the Python-list mailing list
Wed Jun 4 09:38:05 EDT 2003
- Previous message (by thread): Not getting all keys in FieldStorage (Multipart form data)
- Next message (by thread): Not getting all keys in FieldStorage (Multipart form data)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Max M wrote: > Here you are mixing stuff: > > action="%s/admin/additem.py?bookid=%s&image=yes" > > you should not pass parameters as part of the action. > Do it as a hidden field instead. > I think it is undefined what happens in this case. Most likely the > browser ignores the parameteres in your action, and just add those from > the form itself. > > Anyway it isn't legal. I don't think the specs specify either legality or illegality. On reading the (supposedly) definitive section of the HTML 4.01 spec on form submission, http://www.w3.org/TR/html401/interact/forms.html#submit-format it says: "The action attribute may take two values: o get: With the HTTP "get" method, the form data set is appended to the URI specified by the action attribute (with a question-mark ("?") as separator) and this new URI is sent to the processing agent. o post: With the HTTP "post" method, the form data set is included in the body of the form and sent to the processing agent." And later says "HTML 4 user agents must support the established conventions in the following cases: o If the method is "get" and the action is an HTTP URI, the user agent takes the value of action, appends a `?' to it, then appends the form data set, encoded using the "application/x-www-form-urlencoded" content type. The user agent then traverses the link to this URI. In this scenario, form data are restricted to ASCII codes. o If the method is "post" and the action is an HTTP URI, the user agent conducts an HTTP "post" transaction using the value of the action attribute and a message created according to the content type specified by the enctype attribute. For any other value of action or method, behavior is unspecified." ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ My reading of this is that the OP should do as Max says: don't use query parameters in the action URI as well as data in the entity body. Although an argument could be made that the technique is valid, it is not explicitly mentioned in the HTML spec, and therefore the "behaviour is unspecified". For example, the recommended action for the "GET" method says "the user agent takes the value of action, appends a `?' to it...", which implies that there shouldn't be a "?" there already, as in the OPs code. The CGI "spec" specifies two different mechanisms for providing access to the two different types of query data. URI query data, after the "?", should be made available in the "QUERY_STRING" environment variable, whereas POSTed or PUT form data should be made available on standard input. There is no specification of what to do when both forms of data are specified, and therefore no guidance on what the cgi.py module should do. http://hoohoo.ncsa.uiuc.edu/cgi/env.html Best to follow the simple rules stated than try to interpret situations outside the explicitly stated rules. HTH, -- alan kennedy ----------------------------------------------------- check http headers here: http://xhaus.com/headers email alan: http://xhaus.com/mailto/alan
- Previous message (by thread): Not getting all keys in FieldStorage (Multipart form data)
- Next message (by thread): Not getting all keys in FieldStorage (Multipart form data)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list