Essential differences between http post get

Essential differences between http post get
I. Differences of principles
Generally, you can enter a URL in your browser to access resources by using the get method. In form submission, you can specify the submission method as get or post. The default method is get submission.
HTTP defines different methods for interaction with services. There are four basic methods: Get, post, put, and delte.
The full name of a URL is the resource descriptor. We can think that a URL address is used to describe resources on a network, while get, post, put, and delete in HTTP is
There are four operations to check, modify, add, and delete the resource. Here, you should have a rough understanding. Get is generally used to obtain/query resource information, while post is generally used
Update Resource Information (I personally think this is the essential difference between get and post, and it is also the intent of the Protocol designer. Other differences are the differences in specific forms ).

According to the HTTP specification, get is used to obtain information, and should be secure and idempotent.
1. The so-called security means that this operation is used to obtain information rather than modify information. In other words, get requests generally have no side effects. That is to say, it only obtains resource information,
Like a database query, it does not modify or add data, but does not affect the status of resources.

* Note: security only indicates that the information is not modified.
2. idempotence means that multiple requests to the same URL should return the same result. Here I will explain the concept of idempotence:
(Idempotent) is a mathematical or computer concept that is common in abstract algebra.
Idempotence has the following definitions: for a single-object operator, if the result of this operation is performed multiple times by a number within the same operation range
The result is the same as that obtained after this operation. This operation is called idempotent. For example, the absolute value is an example.
In the real number set, ABS (A) = ABS ());
For binary operations, it is required that when the two values involved in the calculation are equivalent, if the calculation result is equal to the two values involved in the calculation,
This operation is called the power equality. For example, a function that calculates the maximum values of two numbers has the power equality in the real number set, that is, Max (x, x) = x;
After reading the above explanation, you should be able to understand the meaning of the get power.

However, in practice, the above two rules are not so strict. Example of referencing others' articles: for example, the front pages of news sites are constantly updated. Although the second
The request will return a different batch of news, and this operation is still considered safe and idempotent. Because it always returns the current news. Basically, if
The goal is that when a user opens a link, he can be sure that the resource is not changed from his own perspective.

According to HTTP specifications, post indicates a request that may modify resources on the server.
Continue to reference the above example: taking a news website as an example, readers should post their comments on the news, because after the comments are submitted, the site
It is different from the resource, or the resource has been modified.

The above describes some of the principles of get and post in the HTTP specification. However, in practice, many people fail to follow the HTTP specification, resulting in
There are many reasons for this problem, such:
1. Many users are greedy and convenient. Get is used to update resources, because post must be used in the from (form), which may cause a little trouble.
2. You can add, delete, modify, and query resources by using get/post instead of using put and delete.
3. The other is that the early web MVC Framework designers did not consciously view and design URLs as abstract resources. There is another serious problem.
The traditional Web MVC framework basically only supports get and post HTTP methods, but does not support put and delete methods.

* MVC: MVC originally exists in the desktop program, M is the exponential data model, V is the user interface, and C is the controller. The purpose of using MVC is
The implementation code of M and V is separated, so that the same program can use different forms.

The above three points are a typical description of the old style (not strictly compliant with HTTP specifications). With the development of the architecture, there is now a representational State Transfer)
For more information, see <restful Web Service>.

Ii. Differences in Forms
After clarifying the differences between the two principles, let's take a look at the differences in their actual application: to understand the differences between the two in the transmission process, Let's first look at the HTTP protocol format:
HTTP request:
<Request line>
<Headers>
<Blank line>
<Request-body>]
In an HTTP request, the first line must be a request line to describe the request type, resources to be accessed, and the HTTP Version Used.
Next is a header section, which describes additional information to be used by the server. It is a blank line after the header, and then you can add
Any other data (called the body )).

Example of get and post methods:
GET/books /? Sex = Man & name = Professional HTTP/1.1
HOST: www.wrox.com
User_agent: Mozilla/5.0 (windows; U; Windows NT 5.1; en-US; RV: 1.7.6)
Gecko/20050225 Firefox/1.0.1
Connection: keep-alive

Post, HTTP, 1.1
HOST: www.wrox.com
User-Agent: Mozilla/5.0 (windows; U; Windows NT 5.1; en-US; RV: 1.7.6)
Gecko/20050225 Firefox/1.0.1
Content-Type: Application/X-WWW-form-urlencoded
Content-Length: 40
Connection: keep-alive

Name = Professional % 20 Ajax & publisher = Wiley

With the above understanding and examples of HTTP requests, let's look at the differences between the two submission methods:

(1) When a GET request is submitted, the request data is appended to the URL (that is, the data is placed in the HTTP header? Split URL and transmit data,
Use & to connect multiple parameters. For example, login. Action? Name = hyddd & Password = idontknow & verify = % E4 % BD % A0 % E5 % a5 % BD
If the data is an English letter/number, it is sent as is. If it is a space, it is converted to +. If it is a Chinese or other character, the string is directly used
Base64 encryption, for example, % E4 % BD % A0 % E5 % a5 % Bd. XX in % XX represents the ASCII code in hexadecimal notation.

Post submission: place the submitted data in the http package body. In the above example, the red font indicates the actual transmitted data.

Therefore, the data submitted by get is displayed in the address bar, while the address bar does not change when the post is submitted.

(2) Size of transmitted data: first, it is declared that the HTTP protocol does not limit the size of transmitted data, and the HTTP protocol does not limit the URL length.

In actual development, the following restrictions exist:
Get: the URL length of a specific browser and server is limited. For example, the URL Length of IE is limited to 2083 bytes (2 k + 35). For other browsers, such as Netscape and Firefox,
Theoretically, there is no length limit. The limit depends on the support of the operating system.

Therefore, when a GET request is submitted, data transmission is limited by the URL length.

Post: theoretically, data is not limited because the value is not transmitted through a URL. However, the actual size of data submitted by post is limited by Web servers. Apache and IIS6 have their own configurations.

(3) Security
. Post is more secure than get. Note: The security mentioned here is not the same as the "Security" mentioned in get. The above "security" only means not to modify data.
Here, the meaning of security is the true meaning of security. For example, the user name and password are displayed in plain text on the URL through get, because (a) the login page may be cached by the browser,
(B) if others view the history of the browser, they can get your account and password. In addition, using get to submit data may also cause cross-site rquest forgerr attacks.
(4) http get, post, and soap protocols all run on HTTP.
(A) Get: The request parameter is appended to the URL as a sequence (query string) of a key/value pair, the length of the query string is limited by the web browser and web server (for example, ie supports a maximum of 2048 characters)
It is not suitable for transmitting large datasets and is insecure.
(B) Post: Request Parameters are transmitted in a different part of the HTTP header (Named Entity body). This part is used to transmit form information. Therefore, you must set Content-Type: application/X-WWW-form-URL-encoded.
Post is designed to support user fields on web forms. Its parameters are also transmitted as key/value pairs.
However, it does not support complex data types, because post does not define the semantics and rules of the transmitted data structure.
(C) soap: the protocol is a special version of http post. It complies with a special XML Message format. Content-Type is set to text/XML, and any data can be XML.

3. Http response
1. Http response format:
<Status line>
<Headers>
<Blank line>
[<Response-body>]
The only real difference in the response is that the request information is replaced by the State Information in the first line. Status line provides a status code
To describe the requested resources.

HTTP Response instance:

HTTP/1.1 200 OK
Date: sat, 31 Dec 2005 23:59:59 GMT
Content-Type: text/html; charset = ISO-8859-1
Content-Length: 122
<HTML>
<Head>
<Title> wrox homepage </title>
</Head>
<Body>
<! -- Body goes here -->
</Body>
</Html>

2. The most common status codes are:
. 200 (OK): Find the resource and everything is normal.
. 304 (not modified) the resource has not been modified since the last request. This is usually used for browser caching.
. 401 (unauthorized): the client has no permission to access this resource. This usually requires the user to enter the user and password in the browser to log on to the server.
. 403 (Forbidden): the client is not authorized. This is usually because an incorrect user name or password is entered after 401.
. 404 (not found): the requested resource does not exist at the specified position.

Example 4:

Example:
HTTP GET
Send
GET/demowebservices2.8/service. asmx/cancelorder? Userid = string & Pwd = string & amp; orderconfirmation string HTTP/1.1
HOST: api.efxnow.com

Reply:
HTTP/1.1 OK
Content-Type: text/XML; charset = UTF-8
Content-Length: Length

<? XML version = "1.0" encoding = "UTF-8"?>
<Objplanceorderresponse xmlns = "https://api.efxnow.com/webservices2.3">
<Success> Boolean </success>
<Errordescription> string </errordescription>
<Errornumber> int </errornumber>
<Customerorderreference> long </customerorderreference>
<Orderconfirmation> string </orderconfirmation>
<Customerdealref> string </customerdealref>
</Objectplaceorderresponse>

HTTP POST
Send
Post/demowebservices2.8/service. asmx/cancelorder HTTP/1.1
HOST: api.efxnow.com
Content-Type: Application/X-WWW-form-urlencoded
Content-Length: Length

Userid = string & Pwd = string & orderconfirmation = string

Reply
HTTP/1.1 200 OK
Content-Type: text/XML; charset = UTF-8
Content-Length: Length

<? XML version = "1.0" encoding = "UTF-8"?>
<Objplaceorderresponse xmlns = "https://api.efxnow.com/webservices2.3">
<Success> Boolean </success>
<Errordescription> string </errordescription>
<Errornumber> int </errornumber>
<Customerorderreference> long </customerorderreference>
<Orderconfirmation> string </orderconfirmation>
<Customerdealref> string </customerdealref>
</Objplaceorderresponse>

Soap
Send
Post/demowebservices2.8/service. asmx HTTP/1.1
HOST: api.efxnow.com
Content-Type: Application/soap + XML; charset = UTF-8
Content-Length: Length

<? XML version = "1.0" encoding = "UTF-8"?>
<Soap12: envelope xmlns: xsi = "The http://wwww.w3.org/2001/XMLSchema=instance" xmlns: XSD = "http://www.w3.org/2001/XMLSchema"
Xmlns: soap12 = "http://www.w3.org/2003/05/soap-envelope">
<Soap12: Body>
<Cancelorder xmlns = "https://api.efxnow.com/webservices2.3">
<Userid> string </userid>
<PWD> string </pwd>
<Orderconfirmation> string </orderconfirmation>
</Cancelorder>
</Soap12: Body>
</Soap12: envelope>

Reply:
HTTP/1.1 200 OK
Content-Type: Application/soap + XML; charset = UTF-8
Content-Length: Length

<? XML version = "1.0" encoding = "UTF-8"?>
<Soap12: envelope xmlns: xsi = "The http://www.w3.org/2001/XMLSchema-instance" xmlns: XSD = "http://www.w3.org/2001/XMLSchema"
Xmlns: soap12 = "http://www.w3.org/2003/05/soap-envelope">
<Soap12: Body>
<Cancelorderresponse xmlns = "https://api.efxnow.com/webservices2.3">
<Cancelorderresult>
<Success> Boolean </success>
<Errordescription> string </errordescription>
<Errornumber> int </errornumber>
<Customerorderreference> long </customerorderreference>
<Orderconfirmation> string </orderconfirmation>
<Customerdealref> string </customerdealref>
</Cancelorderresult>
</Cancelorderresponse>
</Soap12: Body>