Clinton Gormley wrote:

Are you using a different version?  Or is it the fact that you're
POSTing it?

Sorry for the lecture, but I see this so often that it seems it deserves repeating:

To send the content of a <form> to a webserver, you can use either a POST or a GET method. You should use a GET if the result of sending this to the server is not going to modify anything on the server, and if re-sending the same request several times would always give the same result.
In technical jargon, that is called "idempotent".

You should use POST if it is not the case, in other words if what you are sending is going to modify something, and multiple identical requests would be "not idempotent".

Neither of the above says how you are passing the data to the server however. This is something else entirely.

Separately from the above, and usable with either one, is the question of how you are passing the data of your request to the server.
This you can also do in two different ways:
- encoded as "application/x-www-form-urlencoded"
- or encoded as "multipart/form-data"

"application/x-www-form-urlencoded" is the default, and it means that you are passing the form data appended at the end of the URL, preceded by a "?" sign, as one long string of the form "name1=value1&name2=value2..." etc., usually known as "the query string".
That is easy to do, but has the inconvenience that the server does not really know in which character set these things are. This can play havoc with internationally-minded applications. It can also have the result that the request may be truncated after a certain maximum length, by some intervening actor.

"multipart/form-data" is more complicated and harder to do, and is described here:
http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4
but it has the advantage that each of the "name=value" pairs can be as long as you want, and that the type of data and encoding of each is clear.

In neither of the above though, is it allowed in the specs to send a "name=value" pair where there is no name. And if name there is, the specs do define what is allowed in it, and "" is not among these.

Now which combination of the above some clever javascript function may decide to use when sending the form content to the server, is another matter.
But as Phil rightly said, garbage in, garbage out.
Whether the server software can deal or not with some forms of invalid data, is rather outside of the question. It is certainly not obliged to.

And the request data of which it is originally the question here is certainly, without a doubt, invalid.

In my opinion thus, the OP should first take whatever measure is appropriate to ensure that his application sends only valid data, and then come back if there is still a problem.
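
Added example, not part of the message above and not code from the thread: a server-side check that flags form fields sent without a name, for both encodings the message discusses. The function name `nameless_fields`, the boundary `X-EXAMPLE` and the sample payloads are constructed for illustration.

```python
from email import message_from_bytes
from urllib.parse import parse_qsl

def nameless_fields(content_type: str, payload: bytes) -> list[int]:
    """Return the 0-based positions of form fields whose name is missing or empty."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type == "application/x-www-form-urlencoded":
        # keep_blank_values keeps pairs with an empty value, such as "lang=".
        pairs = parse_qsl(payload.decode("ascii"), keep_blank_values=True)
        names = [name for name, _ in pairs]
    elif media_type == "multipart/form-data":
        # The stdlib MIME parser needs the Content-Type header (with its
        # boundary parameter) in front of the body to split the parts.
        raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + payload
        msg = message_from_bytes(raw)
        if not msg.is_multipart():
            raise ValueError("malformed multipart body")
        names = [part.get_param("name", header="content-disposition")
                 for part in msg.get_payload()]
    else:
        raise ValueError(f"unsupported form encoding: {media_type!r}")
    # An absent name (None) and an empty name ("") are both rejected.
    return [i for i, name in enumerate(names) if not name]

# Constructed sample requests (assumptions, not taken from the thread).
URLENCODED = "application/x-www-form-urlencoded"
MULTIPART = "multipart/form-data; boundary=X-EXAMPLE"
BAD_URLENCODED = b"user=alice&=orphan&lang=fr"
BAD_MULTIPART = (
    b'--X-EXAMPLE\r\n'
    b'Content-Disposition: form-data; name="user"\r\n\r\n'
    b'alice\r\n'
    b'--X-EXAMPLE\r\n'
    b'Content-Disposition: form-data; name=""\r\n\r\n'
    b'orphan\r\n'
    b'--X-EXAMPLE--\r\n'
)

if __name__ == "__main__":
    print(nameless_fields(URLENCODED, BAD_URLENCODED))
    print(nameless_fields(MULTIPART, BAD_MULTIPART))
```

A request for which the function returns a non-empty list can be refused with a 400 response before any handler sees the data.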
