The GET method is preferred for read-only actions, and the POST method for actions
that modify or manipulate data. However, this is only a best practice, and
GET can still be used to manipulate data.
The GET Method
It requests data from a specified resource.
Note that the query string (name/value pairs) is sent
in the URL of a GET request:
/test/demo_form.aspx?name1=value1&name2=value2
Some other notes on GET requests:
- GET requests can be cached
- GET requests remain in the browser history
- GET requests can be bookmarked
- GET requests should never be used when dealing with sensitive data
- GET requests have length restrictions
- GET requests should be used only to retrieve data
The POST Method
It submits data to be processed to a specified resource.
Note that the query string (name/value pairs) is sent
in the HTTP message body of a POST request:
POST /test/demo_form.aspx HTTP/1.1
Host: abc.com

name1=value1&name2=value2
Some other notes on POST requests:
- POST requests are never cached
- POST requests do not remain in the browser history
- POST requests cannot be bookmarked
- POST requests have no restrictions on data length
GET vs. POST
|  | GET | POST |
|---|---|---|
| BACK button/Reload | Harmless | Data will be re-submitted (the browser should alert the user that the data are about to be re-submitted) |
| Bookmarked | Can be bookmarked | Cannot be bookmarked |
| Cached | Can be cached | Not cached |
| Encoding type | application/x-www-form-urlencoded | application/x-www-form-urlencoded or multipart/form-data. Use multipart encoding for binary data |
| History | Parameters remain in browser history | Parameters are not saved in browser history |
| Restrictions on data length | Yes, when sending data, the GET method adds the data to the URL; and the length of a URL is limited (maximum URL length is 2048 characters) | No restrictions |
| Restrictions on data type | Only ASCII characters allowed | No restrictions. Binary data is also allowed |
| Security | GET is less secure compared to POST because data sent is part of the URL. Never use GET when sending passwords or other sensitive information! | POST is a little safer than GET because the parameters are not stored in browser history or in web server logs |
| Visibility | Data is visible to everyone in the URL | Data is not displayed in the URL |