Google Adsense and form method Get helps identify bad code

Every good web programmer knows the tradeoff of a GET versus a POST request. If you want a user to be able to bookmark a page that takes parameters the GET request is the way to go. If it’s a one-time form submission (especially one that causes data to change in the database) the POST request is your only choice.

This was made especially evident while we were debugging some ancient perl code the other day. Basically it was a page on my company’s site that let a user subscribe to a newsletter. It did so with your standard <form action=”foo.cgi”> and neglected to specific the method of GET or POST, so the browser of course defaults to a GET. Anyhow, we were seeing users getting signed up for duplicate copies of the same newsletter (which also pointed to a lack of proper database constraints).

So to test it we tailed the Apache access log on the dev server as we signed up for a newsletter. Rather than seeing just 1 hit to the signup script we saw 2. The User Agent string made it apparent, one was Mozilla (me) and the other was (Google Adsense). We do run adsense on the site and so for Google to figure out which ads to display on the page, it was hitting the same page we were with the same GET parameters causing the duplicate signup. Fortunately the test server we were using was outside our firewall where the Google Adsense bot can access it. Otherwise I would have had a really tough time reproducing the problem.

Anyhow, adding proper database constraints and switching it to a POST request fixed our problem but it was an interesting lesson. Before the days of Adsense you could often skate by with the sloppy combination of weak database constraints and forgetting to specify that a form should be method=”POST”.

Posted in Web | Leave a comment