The difference between get and post

HTTP defines different ways to interact with the server, with 4 main methods, each of which is get,post. Put,delete.

The URL full name is a resource descriptive descriptor. We can feel this: a URL address, which is used to describe a network of resources, and HTTP Get,post. Put,delete the corresponding to the resources of the search , change , increase . Delete 4 operations. Here, you should have a general understanding, get is generally used to get/query resource information. Post is typically used to update resource information.

　　 1. According to the HTTP specification, get is used for information acquisition and should be secure and idempotent .

(1). The so-called security means that the operation is used to obtain information rather than change information.

In other words, GET requests generally should not have side effects. That is, it does get resource information just like a database query. Will not change. Add data. Does not affect the state of the resource.

* Note: The meaning of security here is non-change information.

(2). Idempotent means that multiple requests to the same URL should return the same result.

Here I'll explain the concept of idempotent :

　　 Power, etc.(Idempotent, Idempotence) is a mathematical or computer concept, common in abstract algebra.

Idempotent has several definitions:
For the monocular operation, it is assumed that an operation is the same as the result of doing the operation more than once in the range of a number of times and the result of doing the operation is the same, then we call the Operation Idempotent. For example, an absolute value operation is a sample. In the real number set. ABS (a )=ABS (ABS (a)).

For binocular operations. It is required when the two values of an operation are equal. Assuming that the result of the operation is equal to the two values of the operation, it is called the exponentiation of the operation, such as a function to find the maximum value of two numbers. There are idempotent in the real concentration. That is , Max (x,x) = x.

After reading the above explanations, you should be able to understand the meaning of get idempotent.

But in practical applications. The above 2 rules are not so strict. Examples that cite others ' articles: for example. The front page of the news website is constantly updated. Although the second request returns a different batch of news, the operation is still considered safe and idempotent, because it always returns the current news. Fundamentally, the assumption is that when a user opens a link, he can be confident that it doesn't change resources from his own point of view.

　　2. according to the HTTP specification. Post represents a request that could change resources on the server . Continue to cite the example above: or the news to the site as an example. The reader's comments on the news should be delivered via post, since the site's resources have been different after the comment was submitted, or the resources have been changed.

It probably says something about the original reason for Get and post in the HTTP specification.

But at the time of the actual doing. Very many people do not follow the HTTP specification to do, resulting in a lot of solutions to this problem, for example:

　　1. Very many people are greedy for convenience, when updating resources with GET, because it is necessary to use post to form (form), this will be a bit troublesome.

　　2. Increase in resources, delete. Change. Check the operation. In fact all can pass through get/post, do not need to use put and delete.

　　3. The other one is. The early web MVC Framework designers did not consciously view and design URLs as abstract resources , so a more serious problem was that the traditional web MVC framework basically supported only get and post two HTTP methods, The put and delete methods are not supported.

* Simply explain that MVC:MVC is originally in the desktop program, and M refers to the data model. V refers to the user interface. C is the controller.

The purpose of using MVC is to separate the implementation code for M and v so that the same program can use a different representation.

The above 3 points typically describe the style of the stereotype (without strictly complying with the HTTP specification) as the architecture progresses. Now there is rest (representational state Transfer), a set of new styles that support the HTTP specification, not much to say here, to take a look at RESTful Web Services.

After talking about the original reason, let's look at the difference between the get and post from the surface as above :

　　1. The data for the GET request is appended to the URL (that is, the data is placed in the HTTP protocol header).

The cut URL and data transfer, the number of parameters between the & connected, such as: LOGIN.ACTION?NAME=HYDDD&PASSWORD=IDONTKNOW&VERIFY=%E4%BD%A0%E5%A5%BD. Suppose the data is an English letter/number, sent as is, assumed to be a space, converted to +, assumed to be Chinese/other characters. The string is directly encrypted with BASE64, such as:%E4%BD%A0%E5%A5%BD. The XX in%xx is the ASCII represented by the symbol in the 16 binary notation.

Post submits the data to the packet in the HTTP packet.

　　2. " The data submitted by the Get method can be up to only 1024 bytes. There is no limit to post in theory. A large amount of data can be transmitted. The maximum is 80KB in IIS4. 100KB in IIS5 "??!

The above sentence I transferred from other articles, in fact, it is wrong to say so. Not accurate:

(1). First, "The data submitted by the Get method can only be 1024 bytes". Because get is submitting data through a URL. Then the amount of data that get can commit is directly related to the length of the URL. In fact, theURL does not have a limit on the number of parameters . the HTTP protocol specification does not limit the URL length . This restriction is specific to the browser and the server restricts it. IE's limit on URL length is 2083 bytes (2k+35).

For other browsers, such as Netscape, Firefox, etc., theoretically there is no length limit. The limitations depend on the support of the operating system.

Note that this is the limit for the entire URL length, not the length of your participant data. [See references 5]

(2). In theory,post is not limited in size . The HTTP protocol specification also does not have the restriction size , said "the Post data volume existence 80k/100k limit size" is inaccurate, the post data is unrestricted, the restriction is the server's handler processing ability.

For ASP programs, the request object has a 100K data length limit when processing each form field.

But assuming that request.binaryread is used, there is no such limit.

Extended by this. For IIS 6.0, Microsoft has increased its restrictions for security reasons. We also need to note:

1). IIS 6.0 The default ASP post data volume is 200KB, and each form field limit is 100KB.
2). The maximum size of the IIS 6.0 default upload file is 4MB.

3). The default maximum request header for IIS 6.0 is 16KB.
These restrictions do not precede IIS 6.0. [See references 5]

So the above 80k,100k may just be the default (note: I have not confirmed the parameters of IIS4 and IIS5). But it must be able to set itself. Because IIS for each version number has a different default value for these parameters, please refer to the relevant IIS configuration documentation for details.

　　3. In ASP, the server obtains the GET request to take the number with Request.QueryString, obtains the POST request to take the number to use the Request.Form. In the JSP. Use Request.getparameter (\ "xxxx\") to obtain, although JSP also has the request.getquerystring () method, but it is more troublesome. For example: Pass a test.jsp?name=hyddd&password=hyddd, use request.getquerystring () to get is: name=hyddd&password=hyddd.

In PHP, you can get the data in get and post separately using $_get and $_post. $_request, however, is able to obtain data from both get and post two requests.

It is worth noting that the use of request in JSP and PHP in the use of $_request will have a hidden danger. This next time write an article summary.

　　4. The security of post is higher than the security of get. Note: The security described here is not the same concept as the "security" mentioned in get above. The meaning of "security" above does not make data changes, and the meaning of security here is the meaning of real security. For example: by using get to submit data, username and password will clear the current URL. Since (1) the login page may be cached by the browser, (2) Other people can view the browser's history, then others will be able to get your account and password. Besides. Using get to submit data may also cause Cross-site request forgery attack.

Sum up. get is a request to the server for data, and Post is a request to submit data to the server, in form (form), the method implicitly feels "Get", essentially , get and post are just different sending mechanisms, not one to take a hair!

Get-to-post differences