Labels

HTTP Methods: GET vs. POST

The two most used HTTP methods are: GET and POST.

What is HTTP?

The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients and servers.
HTTP works as a request-response protocol between a client and server.
A web browser may be the client, and an application on a computer that hosts a web site may be the server.
Example: A client (browser) submits an HTTP request to the server; then the server returns a response to the client. The response contains status information about the request and may also contain the requested content.

Two HTTP Request Methods: GET and POST

Two commonly used methods for a request-response between a client and server are: GET and POST.
  • GET - Requests data from a specified resource
  • POST - Submits data to be processed to a specified resource

The GET Method

Note that the query string (name/value pairs) is sent in the URL of a GET request:
/test/demo_form.asp?name1=value1&name2=value2


Some other notes on GET requests:
  • GET requests can be cached
  • GET requests remain in the browser history
  • GET requests can be bookmarked
  • GET requests should never be used when dealing with sensitive data
  • GET requests have length restrictions
  • GET requests should be used only to retrieve data

The POST Method

Note that the query string (name/value pairs) is sent in the HTTP message body of a POST request:

POST /test/demo_form.asp HTTP/1.1
Host: abc.com
name1=value1&name2=value2


Some other notes on POST requests:
  • POST requests are never cached
  • POST requests do not remain in the browser history
  • POST requests cannot be bookmarked.

    Compare GET vs. POST

    The following table compares the two HTTP methods: GET and POST.
      GET POST
    BACK button/Reload Harmless Data will be re-submitted (the browser should alert the user that the data are about to be re-submitted)
    Bookmarked Can be bookmarked Cannot be bookmarked
    Cached Can be cached Not cached
    Encoding type application/x-www-form-urlencoded application/x-www-form-urlencoded or multipart/form-data. Use multipart encoding for binary data
    History Parameters remain in browser history Parameters are not saved in browser history
    Restrictions on data length Yes, when sending data, the GET method adds the data to the URL; and the length of a URL is limited (maximum URL length is 2048 characters) No restrictions
    Restrictions on data type Only ASCII characters allowed No restrictions. Binary data is also allowed
    Security GET is less secure compared to POST because data sent is part of the URL

    Never use GET when sending passwords or other sensitive information!    		 POST is a little safer than GET because the parameters are not stored in browser history or in web server logs
    Visibility Data is visible to everyone in the URL Data is not displayed in the URL
 if you wants to know about information security more then like my facebook page
Labels:

Comments

Post a Comment

Popular Posts