Difference between form get and post data submission

Source: Internet
Author: User
Tags html header representational state transfer

1. GET appends the form data as parameters to the URL given by the form's action attribute. Each value corresponds to one field in the form, and the values are visible in the URL. POST uses the HTTP POST mechanism to place the form fields and their contents in the HTML header and send them to the URL given by the action attribute. The user cannot see this process.

2. For GET, the server uses Request.QueryString to obtain the values of the variables. For POST, the server uses Request.Form to obtain the submitted data. Parameters submitted by either method can be obtained with Request.

3. The amount of data that GET can transmit is very small, generally around 2 KB, but it executes more efficiently than POST. POST can transmit a relatively large amount of data, which waits for the server to read it, but it also has a byte limit. This limit exists to prevent malicious attacks that send large amounts of data to the server. According to Microsoft, the maximum amount of data that Request.Form() can receive is limited: 80 KB in IIS 4 and 100 KB in IIS 5.

4. Suggestion: unless you are sure that the data you submit can be submitted in one go, use the POST method whenever possible.

5. GET has low security and POST has high security.
If you submit data with GET, security problems may occur. For example, when a login page submits data with GET, the user name and password appear in the URL. If the page can be cached, or if other people can access the user's machine, the account and password can be obtained from the history. The POST method is therefore recommended for form submission. A common problem with pages submitted by POST is that a dialog box pops up if the page is refreshed.
Suggestion: for security reasons, use POST to submit data.

----------

In interviews, people often ask about the difference between GET and POST form submission. I found an explanation online and am forwarding it below.
HTTP defines different methods for interacting with the server. There are four basic methods: GET, POST, PUT, and DELETE. The full name of a URL is a resource descriptor: we can think of a URL as describing a resource on the network, while GET, POST, PUT, and DELETE correspond to the query, modify, add, and delete operations on that resource. From this you should have a rough idea: GET is generally used to obtain or query resource information, while POST is generally used to update resource information.

1. According to the HTTP specification, GET is used for information retrieval and should be safe and idempotent.

(1) Safe means that the operation is used to obtain information rather than modify it. In other words, GET requests generally have no side effects: they only obtain resource information, like a database query, and do not modify or add data or affect the state of the resource.

* Note: safe here only means that the information is not modified.

(2) Idempotence means that multiple requests to the same URL should return the same result. Here I will explain the concept of idempotence:
Idempotence (idempotent, idempotence) is a mathematical or computer science concept, common in abstract algebra.
Idempotence can be defined as follows:
For a unary operation, if for every number in its domain the result of applying the operation multiple times is the same as applying it once, the operation is called idempotent. The absolute value operation is an example: over the real numbers, abs(a) = abs(abs(a)).
For a binary operation, the requirement is that when the two operands are equal, the result equals those operands; such an operation is called idempotent. For example, the function that returns the maximum of two numbers is idempotent over the real numbers, that is, max(x, x) = x.

After reading the explanation above, you should be able to understand what idempotence means for GET.

However, in practice the two rules above are not applied so strictly. To borrow an example from someone else's article: the front page of a news site is constantly updated. Although a second request returns a different batch of news, the operation is still considered safe and idempotent because it always returns the current news. Fundamentally, the goal is that when a user opens a link, they can be confident that, from their own point of view, they have not changed the resource.

2. According to the HTTP specification, POST is for requests that may modify resources on the server. Continuing the example above: on a news site, readers should use POST to submit their comments on the news, because the site's resources are different after a comment is submitted; that is, the resource has been modified.

The above describes some of the principles of GET and POST in the HTTP specification. In practice, however, many people do not follow the HTTP specification, for many reasons, such as:

1. Many people take the convenient route and use GET to update resources, because POST requires a form, which is a little more trouble.

2. Resources can be added, deleted, modified, and queried with just GET and POST, without using PUT and DELETE.

3. In addition, the designers of early web MVC frameworks did not consciously treat and design URLs as abstract resources. A serious consequence is that traditional web MVC frameworks basically support only the GET and POST HTTP methods, and not PUT and DELETE.

* MVC: MVC originated in desktop programs. M refers to the data model, V to the user interface, and C to the controller. The purpose of MVC is to separate the implementation code of M and V, so that the same program can use different presentations.

The three points above are typical of the old style (not strictly compliant with the HTTP specification). As architectures have developed, representational state transfer (REST) has emerged as a new style that follows the HTTP specification; for more information, see RESTful Web Services.
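
An added example, not from the original article: a check that applies the rule described above, that GET should be safe, to a route table. The routes and the `changesState` flag are constructed for illustration; `auditRoutes` lists routes that let GET modify a resource, and `dispatch` refuses such requests with 405.

```javascript
const SAFE_METHODS = new Set(['GET', 'HEAD']);

// Constructed route table for a news site; changesState marks handlers
// that modify, add or delete a resource (hypothetical flag).
const routes = [
  { path: '/news',          methods: ['GET'],         changesState: false },
  { path: '/news/comments', methods: ['POST'],        changesState: true },
  { path: '/news/delete',   methods: ['GET', 'POST'], changesState: true }, // old style
];

// Audit: routes where a safe method can reach a state-changing handler.
function auditRoutes(table) {
  return table
    .filter((r) => r.changesState && r.methods.some((m) => SAFE_METHODS.has(m)))
    .map((r) => r.path);
}

// Enforcement: safe methods are dropped from state-changing routes,
// and anything not allowed gets 405 together with the Allow list.
function dispatch(table, method, path) {
  const route = table.find((r) => r.path === path);
  if (!route) return { status: 404, allow: '' };
  const allowed = route.methods.filter(
    (m) => !(route.changesState && SAFE_METHODS.has(m)));
  if (!allowed.includes(method.toUpperCase())) {
    return { status: 405, allow: allowed.join(', ') };
  }
  return { status: 200, allow: allowed.join(', ') };
}

console.log(auditRoutes(routes));
console.log(dispatch(routes, 'GET', '/news/delete'));
console.log(dispatch(routes, 'POST', '/news/delete'));
```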

Having covered the principles, let's look at the surface differences between GET and POST:

1. The data of a GET request is appended to the URL (that is, the data is placed in the HTTP header): ? separates the URL from the transmitted data, and parameters are joined with &, for example login.action?name=hyddd&password=idontknow&verify=%E4%BD%A0%E5%A5%BD. If the data is English letters or digits, it is sent as is. If it is a space, it is converted to +. If it is Chinese or other characters, the string is directly encrypted with base64, giving a result such as %E4%BD%A0%E5%A5%BD, where the XX in %XX is the ASCII of the symbol in hexadecimal.

POST places the submitted data in the body of the HTTP packet.

2. "Data submitted with GET can be at most 1024 bytes. In theory POST has no limit and can transfer a large amount of data. The maximum is 80 KB in IIS 4 and KB in IIS 5"??!

The sentence above was copied from other articles. In fact, it is wrong and inaccurate:

(1) First, "data submitted with GET can be at most 1024 bytes". Because GET submits data through the URL, the amount of data GET can submit is directly tied to the URL length. In fact, URLs have no upper limit on parameters, and the HTTP protocol does not limit URL length. The restriction is imposed by specific browsers and servers. IE limits the URL length to 2083 bytes (2 K + 35). Other browsers, such as Netscape and Firefox, have no length limit in theory; their limit depends on operating system support.

Note that this limit is the length of the entire URL, not just the length of your parameter value. [See References 5]

(2) In theory, POST has no size limit, and the HTTP specification sets none. It is inaccurate to say that "the size of POST data is limited to 80 K/K": POST data has no limit, and what limits it is the processing capability of the server's handler.

For ASP programs, there is a K data length limit when the Request object processes each form field. However, if Request.BinaryRead is used, there is no such restriction.

Extending this point: for security reasons, Microsoft tightened the restrictions in IIS 6.0. Note that:

1) By default, IIS 6.0 has a maximum ASP POST data volume of KB, and each form field is limited to KB.
2) By default, IIS 6.0 allows file uploads of up to 4 MB.
3) By default, the maximum request header in IIS 6.0 is 16 KB.
These restrictions did not exist before IIS 6.0. [See References 5]

Therefore, the 80 K and K values above may only be default values (note: I have not confirmed the IIS 4 and IIS 5 parameters), but they can certainly be set yourself. Because the defaults of these parameters differ between IIS versions, refer to the relevant IIS configuration documents for details.

3. In ASP, the server uses Request.QueryString to obtain GET request parameters and Request.Form to obtain POST request parameters. In JSP, request.getParameter("XXXX") is used; although JSP also has the request.getQueryString() method, it is awkward to use. For example, when test.jsp?name=hyddd&password=hyddd is passed, request.getQueryString() returns name=hyddd&password=hyddd. In PHP, $_GET and $_POST obtain the data from GET and POST respectively, while $_REQUEST obtains the data from both GET and POST requests. Note that using request in JSP and $_REQUEST in PHP carries risks. Next time I will write a summary article on this.

4. POST is more secure than GET. Note: the security meant here is not the same concept as the "safe" mentioned for GET above. "Safe" above only means not modifying data, whereas security here means security in the real sense. For example, if data is submitted with GET, the user name and password appear in the URL in plain text, because (1) the login page may be cached by the browser, and (2) anyone who views the browser history can obtain your account and password. In addition, submitting data with GET may also lead to cross-site request forgery attacks.
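
An added example, not from the original article, covering points 1 and 4 above: it serializes the login.action form the way a browser does (each %XX group is one byte of the character's UTF-8 encoding), builds the GET and the POST request, and shows which fields end up in the URL that history and caches keep. The host name, the list of sensitive parameter names and the `redactTarget` helper are assumptions made for the illustration.

```javascript
// Constructed sample form, using the field names of the login.action example.
const fields = { name: 'hyddd', password: 'idontknow', verify: '你好' };

// application/x-www-form-urlencoded: letters and digits as is, space -> '+',
// other characters -> one %XX group per byte of their UTF-8 encoding.
function serializeForm(f) {
  return new URLSearchParams(f).toString();
}

// Build the raw request text. The host name is a placeholder (assumption).
function buildRequest(method, action, f, host = 'example.test') {
  const data = serializeForm(f);
  if (method === 'GET') {
    return `GET ${action}?${data} HTTP/1.1\r\nHost: ${host}\r\n\r\n`;
  }
  return `POST ${action} HTTP/1.1\r\nHost: ${host}\r\n` +
    'Content-Type: application/x-www-form-urlencoded\r\n' +
    `Content-Length: ${Buffer.byteLength(data)}\r\n\r\n${data}`;
}

// The request target is the part that history and caches keep.
function requestTarget(raw) {
  return raw.split('\r\n')[0].split(' ')[1];
}

// Hypothetical list of parameter names whose values must never be stored.
const SENSITIVE = new Set(['password', 'passwd', 'pwd', 'token']);
const safeDecode = (s) => { try { return decodeURIComponent(s); } catch { return s; } };

// Mask sensitive values before a URL is written to a log or report.
function redactTarget(target) {
  const i = target.indexOf('?');
  if (i < 0) return target;
  const masked = target.slice(i + 1).split('&').map((pair) => {
    const key = pair.split('=')[0];
    return SENSITIVE.has(safeDecode(key).toLowerCase()) ? `${key}=REDACTED` : pair;
  });
  return `${target.slice(0, i)}?${masked.join('&')}`;
}

console.log(requestTarget(buildRequest('GET', '/login.action', fields)));
console.log(requestTarget(buildRequest('POST', '/login.action', fields)));
console.log(redactTarget(requestTarget(buildRequest('GET', '/login.action', fields))));
```

POST only moves the fields out of the URL; the body is still sent in plain text unless the connection uses HTTPS.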

To sum up, GET is a request to obtain data from the server, while POST is a request to submit data to the server. In a form, the default method is "get". In essence, GET and POST are only different sending mechanisms, not a single sending!
