ArticleDirectory
- 1. Get and post Definitions
- 2. Difference Between get and post
- 3. server processing
- 4. Use get and post correctly
- 5. browser differences
- 6. Reference
In HTML, the form Element uses the method attribute to specify two different submission methods, namely, "get" (default) and "Post ".
1. Get and post Definitions
In W3C HTML 4.01 specification, the method attribute of the form element is used to specify the HTTP Method for sending the form.
- When get is used, the form dataset (such as the control-name = Current-value Key-Value Pair) is appended to the URI specified by the Action attribute of the form element;
- When post is used, the form dataset (such as the control-name = Current-value Key-Value Pair) is encapsulated in the Request body and sent.
This can be simply understood as, get is just splicing a URI, and then directly request data from the server (the dataset to be submitted to the server is included in the URI ). For example:
When this form is submitted, it will generate such a GET request: formget. aspx? Productid = 1.
The post operation encapsulates the form dataset, namely the productid = 1, in the Request body, and sends it to the server. Then, it requests data from the server. For:
When such a form is submitted, we will see a clean URI: formpost. aspx. Because the data is not spliced in the URI.
2. Differences between get and post 2.1 Security
If you use get to submit a form that verifies the user name and password, it is generally considered unsafe. Because the user name and password will appear on the URL, and then in the browser's history. Obviously, post should be used when there are security requirements.
2.2 Encoding
HTML 4.01 specification indicates that get can only send ASCII characters to the server, while post can send all the characters in iso000046 (if both enctype = "multipart/form-Data" is specified ).
Note that the enctype attributes of get and post are different. Enctype has two values. The default value is application/X-WWW-form-urlencoded, And the other value is multipart/form-data, which can only be used for post.
2.3 The length of the submitted data
HTTP specification does not limit the URL length, but ie limits the request URL length to 2083 characters, thus limiting the Data Length submitted by get. Tests show that if the URL exceeds this limit, ie will not respond when submitting the form. Other browsers do not have the URL length limit. Therefore, the length of data submitted by other browsers through get is limited by the server settings.
For post, because the submitted data is not in the URL, it is generally considered that the data length is limited by the server settings.
2.4 Cache
Because a get result corresponds to a URI directly, the get result page may be cached by the browser. Post is generally not supported. Refer to 5.
2.5 references and Seo
For the same reason as above, we can use a URI to reference A get result page, but the post result cannot, so it cannot be searched by the search engine.
3. server processing
ASP. NET on the serverProgramFor get, we use request. querystring [control-name] to obtain the corresponding = Current-value. For post, we use request. Form [control-name].
We can also use request [control-name] in general. However, this is not as efficient as the former. We can use the following program to compare the efficiency of request. querystring and request:
Protected void page_preinit (Object sender, eventargs E)
{
If (request ["inputstring"]! = NULL)
{
Int COUNT = 1000000;
Datetime start;
Datetime end;
String value = "";
Start = datetime. now;
For (INT I = 0; I {
Value = request. querystring ["inputstring"];
}
End = datetime. now;
Double requestget = (end-Start). totalseconds;
Start = datetime. now;
For (INT I = 0; I {
Value = request ["inputstring"];
}
End = datetime. now;
Double request = (end-Start). totalseconds;
Compare. innerhtml = requestget. tostring () + "/" + request. tostring () + "=" + (requestget/request). tostring ();
Get. innerhtml = value;
}
}
In the same way, we can compare request. Form and request.
The final result (request. querystring [control-name]/request [control-name] and request. form [control-name]/request [control-name]) is less than 1 in most cases. Therefore, we should try to use request. querystring or request. form instead of request.
4. Use get and post correctly
W3C official recommendation: Use get only when form is an idempotent (idempotent. Idempotence is a mathematical term defined as: for a function F: D-> D, if all X in D satisfies f (f x) = f x, this function is idempotent. In HTTP specification (for example, RFC 2616), idempotence is interpreted as the side effects of multiple identical requests, which are the same as the side effects of one request.
For example, if you submit a form and query a keyword from Google, we can think that this form is idempotent, because the side effects of one commit and ten commit are similar (10 queries may consume more energy). If you submit a form, you can order the utimate Bumblebee ), this is not idempotent: If you submit a form multiple times, you may be scolded by your wife. If you submit a form multiple times, you may be broke-the side effects of one commit and multiple submissions are significantly different, so this is not idempotent.
Therefore, if you submit a request to retrieve data from the server without performing other operations, and submit the request multiple times without obvious side effects, you should use get. For example:
- Search Engine Query: http://www.google.com/search? Q = yandixin;
- Page: articlelist. asp? Page = 1.
If you submit this request, other operations and impacts will occur, you should use post. For example:
- Modify the data in the database on the server;
- Send an email;
- Delete an object.
Another factor to consider is security. See figure 2.1.
5. browser differences
- IE 6: The URL length is limited to 2083 characters. After the post operation, the page will not be refreshed and the data will not be automatically re-posted, and a warning will appear;
In addition, "page has expired" may appear in the backend process (usually post to yourself and then back ):
Microsoft technical support personnel claim that "this is not a bug or problem specified to the ASP. net but a security feature of the IE browser ", and said" You can also inform your users of this ", it is really absurd. In addition, kb also mentioned this issue, which means you can set response. cachecontrol to "public". It is only valid after the first rollback.
- IE 7: Same as IE 6;
- Firefox 2.0.0.11: refreshing the page does not automatically post data again, and a warning is reported;
- Opera 9.24: normal (automatic post data );
- Safari 3.0.4: After the post operation, the system will not automatically repost the data after the page is refreshed, forward, or backward, and a warning will appear.
6. Reference
- Hypertext Transfer Protocol -- HTTP/1.1, Chapter 9 method definitions
- methods get and post in HTML forms-what's the difference
- what is the difference between get and post
- HTML 4.01 specification (W3C recommendation 24 December 1999), section 17.13: Form submission
- what is the limit on querystring/get/URL parameters?