Chapter 8. Form Handling
The usual way you collect information from your users is to use HTML forms. Whether you let the browser submit the form normally, use Ajax, or employ fancy frontend controls, the underlying mechanism is generally still an HTML form. In this chapter, we’ll discuss the different methods for handling forms, form validation, and file uploads.
Sending Client Data to the Server
Broadly speaking, your two options for sending client data to the server
are the querystring and the request body. Normally, if you’re using the querystring, you’re making
a GET request, and if you’re using
the request body, you’re using a POST request. (The HTTP protocol doesn’t
prevent you from doing it the other way around, but there’s no point to it:
best to stick to standard practice here.)
It is a common misperception that POST is secure and GET is not: in
reality, both are secure if you use HTTPS, and neither is secure if you
don’t. If you’re not using HTTPS, an intruder can look at the body data
for a POST just as easily as the querystring of a GET request.
However, if you’re using GET requests, your users will see all of their
input (including hidden fields) in the querystring, which is ugly and
messy. Also, browsers
often place limits on querystring length (there is no such restriction for
body length). For these reasons, I generally recommend using POST for
form submission.
HTML Forms
This book is focusing on the server side, but it’s important to understand some basics ...
Get Web Development with Node and Express, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
