Get/post Request differences for HTTP

Source: Internet
Author: User
Tags html header http post representational state transfer

1. HTTP request Format:

<request line>

<blank line>


In an HTTP request, the first line must be a request line, which describes the type of request, the resources to be accessed, and the HTTP version used. This is followed by a header section that describes the additional information that the server will use. After the header is a blank line, then you can add any additional data [called the body].

1. Get is the data that is fetched from the server and post is the data sent to the server.
Get and post are just a way of passing data, and get can also send data to the server, and they are essentially sending requests and receiving results. Only the organization format and the amount of data there is a difference, the HTTP protocol inside the introduction
2. Get is the URL where the parameter data queue is added to the Action property of the submission form, and the value corresponds to the field one by one in the form, which is visible in the URL. Post is the HTTP post mechanism that places the fields within the form with their contents in the HTML header, along with the URL address referred to by the Action property. The user does not see the process.
Because get is designed to transfer small data, and it is best not to modify the server's data, so the browser is generally seen in the address bar, but post is generally used to pass big data, or more private data, so in the address bar can not see, can see is not the protocol, is the browser rules.
3. For Get mode, the server side uses Request.QueryString to get the value of the variable, and for post, the server side uses Request.Form to obtain the submitted data.
Do not understand, how to get the variable is related to your server, and get or post independent, the server has been encapsulated in these requests
4. Get transmits a small amount of data, cannot be greater than 2KB. Post transmits a large amount of data, which is generally not restricted by default. In theory, however, the maximum amount of IIS4 is 100KB in 80KB,IIS5.
Post basically no limit, I think we all uploaded files, are used post mode. Just to modify the type parameter in the form
5. Get security is very low, post security is high.
If there is no encryption, they are the same level of security, any listener can listen to all the data, do not believe your own next network resources to monitor the software,

Get is a request to send data to the server, and post is a request to submit data to the server, in form (form), the method defaults to "get", in essence, GET and post just send mechanism is different, not one to take a hair!
HTTP defines different ways to interact with the server, with 4 basic methods, namely get,post,put,delete. URL full name is a resource descriptor, we can think: a URL address, which is used to describe a network of resources, and HTTP get,post,put,delete corresponding to this resource, change, increase, delete 4 operations. Here, you should have a general understanding, get is generally used to get/query resource information, and post is generally used to update resource information.
1. According to the HTTP specification, get is used for information acquisition and should be secure and idempotent.

(1). So-called security means that the operation is used to rather than modify information. In other words, GET requests generally should not have side effects. That is, it just gets the resource information, just likeDatabaseQueries do not modify, add data, and do not affect the state of the resource.

* Note: The meaning of security here is simply non-modification information.

(2). Idempotent means that multiple requests to the same URL should return the same result. Here I'll explain the concept of idempotent:

Idempotent (idempotent, idempotence) is a mathematical or computer concept that is common in abstract algebra.
Idempotent has several definitions:
For the monocular operation, if an operation has the same result as the result of doing the operation more than once in the range of a number of times, then we call the Operation Idempotent. For example, the absolute value operation is an example, in the real number set, there is abs (a) =abs (ABS (a)).
For binocular operations, it is required that when the two values of the participating operations are equal, if the results of the operation are equivalent to the two values of the participating operations, the exponentiation of the operation, such as a function of the maximum value of two numbers, is in the power of the real concentration, that is, max (x,x) = x.
After reading the above explanations, you should be able to understand the meaning of get idempotent.

But in practical applications, the above 2 rules are not so strict. Quoting othersarticleExample: The front page of a news site is constantly being updated. Although the second request returns a different batch of news, the operation is still considered safe and idempotent, as it always returns the current news. Fundamentally, if the goal is that when a user opens a link, he can be confident that the resource is not changed from its point of view.

2. According to the HTTP specification, post represents a request that may modify resources on the server. Continue to cite the example above: or the news to the website as an example, readers of the news to publish their own comments should be done through post, because after the comments submitted site resources have been different, or that the resources have been modified.

It probably says something about the original reason for Get and post in the HTTP specification. But in the actual time, many people do not follow the HTTP specification to do, the cause of this problem is many, for example, say:

1. Many people are greedy and use get when updating resources, because the post must go to the form (form), which can be a bit troublesome.

2. The increase of resources, delete, change, check operation, in fact, can be completed through get/post, do not need to use put and delete.

3. Another is that the early web MVC framework designers did not consciously view and design URLs as abstract resources, so a more serious problem is that the traditional web MVC framework basically only supports get and post two HTTP methods, The put and delete methods are not supported.

* Simply explain that MVC:MVC is originally present in the desktop program, m refers to the data model, v refers to the user interface, and C is the controller. The purpose of using MVC is to separate the implementation code for M and v so that the same program can use a different representation.

The above 3 points typically describe the style of the stereotype (no strict adherence to the HTTP specification), with the development of the architecture, there is now rest (representational state Transfer), a set of new styles to support the HTTP specification, here is not much to say, you can refer to the RESTful Web Services.

After talking about the original reason, let's look at the difference between the get and post from the surface as above:

1.GET requested data will be appended to the URL (that is, the data placed in the HTTP protocol header), in order to split the URL and transfer data, the parameters are connected to &, such as: login.action?name=hyddd&password= IDONTKNOW&AMP;VERIFY=%E4%BD%A0%E5%A5%BD. If the data is an English letter/number, sent as is, if it is a space, converted to +, if it is Chinese/other characters, the string is directly encrypted with BASE64, such as:%E4%BD%A0%E5%A5%BD, where the xx in%xx is the symbol in 16 binary notation ASCII.

Post submits the data to the packet in the HTTP packet.

2. "The data submitted by the Get method can only be 1024 bytes, theoretically post No limit, can be transmitted a large amount of data, IIS4 in the maximum of 80kb,iis5 100KB"??!

The above sentence I transferred from other articles, in fact, this is wrong, inaccurate:

(1). First, "The data submitted by the Get method can only be 1024 bytes," Because get is the data submitted through a URL, then the amount of data that get can commit is directly related to the length of the URL. In fact, the URL does not have the upper limit of the argument, the HTTP protocol specification does not limit the length of the URL. This restriction is restricted to specific browsers and servers. IE's limit on URL length is 2083 bytes (2k+35). For other browsers, such as Netscape, Firefox, etc., there is theoretically no length limit, and its limitations depend onOperating SystemThe support.

Note that this is the limit for the entire URL length, not just your parameter value data length. [see reference 5]

(2). In theory, the post is no size limit, the HTTP protocol specification is not a size limit, said "post data volume exists 80k/100k size limit" is inaccurate, post data is not limited, the limit is the processing capacity of the server handler.

For ASP programs, the request object has a 100K data length limit when processing each form field. However, if you use Request.BinaryRead, you do not have this limitation.

By this extension, for IIS 6.0,MicrosoftThe restrictions are increased for security reasons. We also need to note:

1). IIS 6.0 default ASP post data is up to 200KB, and each form field limit is 100KB.
2). The maximum size of the IIS 6.0 default upload file is 4MB.
3). The default maximum request header for IIS 6.0 is 16KB.
These restrictions do not precede IIS 6.0. [see reference 5]

So the above 80k,100k may just be the default value (note: I have not confirmed the parameters of IIS4 and IIS5), but I am sure I can set it myself. Because each version of IIS does not have the same default values for these parameters, refer to the relevant IIS configuration documentation.

3. In ASP, the server obtains the GET request parameter with Request.QueryString, obtains the POST request parameter with the Request.Form. In JSP, with Request.getparameter (\ "xxxx\") to obtain, although JSP also has the request.getquerystring () method, but the use of more trouble, such as: Pass aTest. JSP?NAME=HYDDD&AMP;PASSWORD=HYDDD, with request.getquerystring (), is: name=hyddd&password=hyddd. In PHP, you can use $_get and $_post to get the data in the get and post separately, while $_request can get the data from the get and post two requests. It should be noted that the use of JSP in the request and PHP use $_request will have hidden trouble, this next time to write an article summary.

The security of the 4.POST is higher than the security of get. Note: The security described here is not the same concept as the "security" mentioned in get above. The meaning of "security" above is simply not to make data changes, and the meaning of security here is the meaning of true security, such as: submit data through get, user name and password will appear in plaintext on the URL, because (1) the login page may be cached by the browser, (2) Other people to view the browser's history, Then other people can get your account number and password, in addition, using get to submit data may also cause Cross-site request forgery attack.

To summarize, get is a request to send data to the server, and post is a request to submit data to the server, in form (form), the method defaults to "get", in essence, get and post just send mechanism is different, not one to take a hair!

Get/post Request differences for HTTP

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.