Website form receiving information submission method: Get and Post

Source: Internet
Author: User
Tags website server

This involves Network Transmission Security, which is also crucial for SQL Injection detection.
For everyone
When browsing a website, the website server obtains data in two ways:
Get and post
Get:
GET is an HTTP method that submits various information to the server.
Get is mainly a variable on the url. When a user clicks a hyperlink, a dynamic webpage is usually displayed as a variable, such as news. aspx? Articleid = 1
Nnews. aspx is a file, articleid is a variable, and 1 is a value. In this case, the server will Get the value of articleid in Get mode.
The GET request created by the Web browser is sent to the Web server, which displays the request information in the url and the result in the browser.
The user's GET request sent to the Web server looks like this:
GET/search. php? Text = LCD % 20 monitors & cat = 1 & num = 20 HTTP/1.1
Host: blackbap.com
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: 1.8.1.19)
Gecko/20081216 Ubuntu/8.04 (hard) Firefox/2.0.0.19
Accept: text/xml, application/xml, application/xhtml + xml,
Text/html; q = 0.9, text/plain; q = 0.8, image/png, */*; q = 0.5
Accept-Language: en-gb, en; q = 0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1, UTF-8; q = 0.7, *; q = 0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Www.2cto.com
For this type of requests, the parameter format is as follows:
? Parameter1 = value1 & meter2 = value2 & meter3 = value3 &...
We can see that the variables here exist in the original file, and the value is the data number in the database. If the filtering of variables in files is not strict, when my value is an invalid value (this part will be popular in the future), the server will be deceived, that is, the legendary SQL Injection
 
Post
Post is another method for sending information to the Web server through HTTP.
The return of information to the server depends on the server target, that is, the server.
This is usually the way to pass information: There is a form in the web page, we fill in the Form, click the "Submit" button, the data in the form will be sent in the form of post.
The registration and login we usually see are post, but the search box is not necessarily like this.
Let's take a look at the notes about Post and Get:
 
Website server environment detection note of German second TV
This submission method is different from the previous one. The information submitted in post mode is selected and filled in with your choice, while Get is designed with the website.
This is an example of sending a Post to a remote Web server:
POST/contact/index. asp HTTP/1.1
Host: blackbap.org
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: 1.8.1.19) Gecko/20081216
Ubuntu/8.04 (hard) Firefox/2.0.0.19
Accept: text/xml, application/xml, application/xhtml + xml,
Text/html; q = 0.9, text/plain; q = 0.8, image/png, */*; q = 0.5
Accept-Language: en-gb, en; q = 0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1, UTF-8; q = 0.7, *; q = 0.7
Keep-Alive: 300
Referer: http://www.bkjia.com/contact/index. asp
Content-Type: application/x-www-form-urlencoded
Content-Length: 129
First = Juliet & last = Nana & email = nana@blackbap.com & phone = 1187843170 & title = Abc & country = China & comments =
I % 20 wocould % 20 like % 20to % 20 request % 20 information
Copy code
Let's look at the last line of post information.
First = Juliet & last = Nana & email = nana@blackbap.com & phone = 1187843170 & title = Abc & country = China & comments =
I % 20 wocould % 20 like % 20to % 20 request % 20 information
 
There are also variables, but the value is a self-filled form.
These contents can be obtained through packet capture.
It is important to analyze the hidden yourself or website security. (Why is it important for websites? See the note I gave)

Author: Juliet from: XI ke Information Technology

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.