Java face Question--java Web Chapter

HTTP of the request GET with the POST the difference of the way

Reference article: https://www.cnblogs.com/hyddd/archive/2009/03/31/1426026.html

HTTP defines different ways to interact with the server, with 4 basic methods, namely get,post,put,delete. URL full name is a resource descriptor, we can think: a URL address, which is used to describe a network of resources, and HTTP get,post,put,delete corresponding to this resource, change, increase, delete 4 operations. Here, you should have a general understanding, get is generally used to get/query resource information, and post is generally used to update resource information.

The difference in principle

1. According to the HTTP specification, get is used for information acquisition and should be secure and idempotent.

(1). So-called security means that the operation is used to obtain information rather than modify information. In other words, GET requests generally should not have side effects. That is, it simply gets the resource information, just like a database query, without modification, adding data without affecting the state of the resource.

* Note: The meaning of security here is simply non-modification information.

(2). Idempotent means that multiple requests to the same URL should return the same result.

2. According to the HTTP specification, post represents a request that may modify resources on the server. Readers ' comments about the news should be done via post because the site's resources have changed since the comment was submitted, or the resource has been modified.

After talking about the original reason, let's look at the difference between the get and post from the surface as above:

　　1. The data for the GET request is appended to the URL (that is, the data is placed in the HTTP protocol header), to split the URL and transfer the data, and the parameters are connected &, for example: Login.action?name=hyddd&password=idontknow &VERIFY=%E4%BD%A0%E5%A5%BD. If the data is an English letter/number, sent as is, if it is a space, converted to +, if it is Chinese/other characters, the string is directly encrypted with BASE64, such as:%E4%BD%A0%E5%A5%BD, where the xx in%xx is the symbol in 16 binary notation ASCII.

Post submits the data to the packet in the HTTP packet.

　　2. " The data submitted by the Get method can only be 1024 bytes, in theory post has no limit, can transmit a large amount of data, IIS4 in the maximum of 80kb,iis5 100KB "??!

　　The above sentence I transferred from other articles, in fact, this is wrong, inaccurate:

　　(1). First, "The data submitted by the Get method can only be 1024 bytes," Because get is the data submitted through a URL, then the amount of data that get can commit is directly related to the length of the URL. In fact, the URL does not have the upper limit of the argument, the HTTP protocol specification does not limit the length of the URL. This restriction is restricted to specific browsers and servers. IE's limit on URL length is 2083 bytes (2k+35). For other browsers, such as Netscape, Firefox, etc., there is theoretically no length limit, and its limitations depend on the support of the operating system.

(2). In theory, the post is no size limit, the HTTP protocol specification is not a size limit, said "post data volume exists 80k/100k size limit" is inaccurate, post data is not limited, the limit is the processing capacity of the server handler.

The security of the 3.POST is higher than the security of get. Note: The security described here is not the same concept as the "security" mentioned in get above. The meaning of "security" above is simply not to make data changes, and the meaning of security here is the meaning of true security, such as: submit data through get, user name and password will appear in plaintext on the URL, because (1) the login page may be cached by the browser, (2) Other people to view the browser's history, Then other people can get your account number and password, in addition, using get to submit data may also cause Cross-site request forgery attack.

To summarize, get is a request to send data to the server, and post is a request to submit data to the server, in form (form), the method defaults to "get", in essence, get and post just send mechanism is different, not one to take a hair!

Java face Question--java Web Chapter