Original address: http://blog.csdn.net/csj50/article/details/5687850
a principle difference
Generally in the browser to enter the URL access to resources are through the Get method, in the form submission, you can specify the way to submit the method is get or post, the default is get commit
HTTP defines different ways to interact with the server, with 4 basic methods, namely Get,post,put,delete
URL full name is a resource descriptor, we can think: a URL address, which is used to describe a network of resources, and HTTP get,post,put,delete corresponding to this resource, change, increase, delete 4 operations. Here, everyone should have a general understanding, get is generally used to get/query resource information, and post is generally used to update the resource information ( personally think this is the essence of get and post, but also the intention of the Protocol designer, other differences are specific manifestations of the difference ).
According to the HTTP specification, get is used for information acquisition and should be secure and idempotent.
1. The so-called security means that the operation is used to obtain information rather than modify the information. In other words, get requests generally should not have side effects. That is, it simply gets the resource information, just like a database query, without modification, adding data without affecting the state of the resource.
* Note: The meaning of security here is simply non-modification information.
2. Idempotent means that multiple requests to the same URL should return the same result. Here I'll explain the concept of idempotent : idempotent (idempotent, idempotence) is a mathematical or computer concept, common in abstract algebra.
Idempotent is defined in the following ways:
For the monocular operation, if an operation has the same result as the result of doing the operation more than once in the range of a number of times, then we call the Operation Idempotent. For example, an absolute value operation is an example, in a real number set, there is abs (a) = ABS (ABS (a)).
For binocular operations, it is required that when the two values of the participating operations are equal, if the results of the operation are equivalent to the two values of the participating operations, the exponentiation of the operation, such as a function of the maximum value of two numbers, is idempotent in the real set, that is, max (x,x) = x.
After reading the above explanations, you should be able to understand the meaning of get idempotent.
But in practical applications, the above 2 rules are not so strict. Cite examples of other people's articles: for example, the front page of news sites is constantly being updated. Although the second request returns a different batch of news, the operation is still considered safe and idempotent, as it always returns the current news. Fundamentally, if the goal is that when a user opens a link, he can be confident that the resource is not changed from its point of view.
According to the HTTP specification, post represents a request that may modify resources on the server. Continue to cite the example above: or the news to the website as an example, readers of the news to publish their own comments should be done through post, because after the comments submitted site resources have been different, or that the resources have been modified.
It probably says something about the original rationality of Get and post in the HTTP specification. But in the actual time, many people do not follow the HTTP specification to do, the cause of this problem is many, for example, say:
1. Many people are greedy and use get when updating resources, because the post must go to the form (form), which can be a bit troublesome.
2. The increase of resources, delete, change, check operation, in fact, can be completed through get/post, do not need to use put and delete.
3. Another is that the early but web MVC framework designers did not consciously look at and design URLs as abstract resources. A more serious problem is that the traditional Web MVC framework basically supports only the Get and post two HTTP methods, and does not support the put and delete methods.
* Simply explain that MVC:MVC is originally present in the desktop program, m refers to the data model, v refers to the user interface, and C is the controller. The purpose of using MVC is to separate the implementation code for M and v so that the same program can use a different representation.
The above 3 points typically describe the style of the stereotype (no strict adherence to the HTTP specification), with the development of the architecture, there is now rest (representational statetransfer), a set of new styles to support the HTTP specification, here is not much to say, you can refer to the RESTful Web Services.
Two expression forms difference
Figuring out the difference between the two principles, let's look at the difference in their actual application:
To understand the difference between the two in the transmission process, let's look at the format of the HTTP protocol:
HTTP request:
<request line>//http Request Line
<blank line>//Carriage return line
[<request-body>]//http request body
In an HTTP request, the first line must be a request line (Requestline) that describes the type of request, the resource to be accessed, and the HTTP version used. This is followed by a header section that describes the additional information that the server will use. After the header is a blank line, then you can add any additional data [called the body].
Examples of Get and post methods:
Get/books/?sex=man&name=professional http/1.1
Host:www.wrox.com
user-agent:mozilla/5.0 (Windows; U Windows NT 5.1; En-us; rv:1.7.6)
gecko/20050225 firefox/1.0.1
Connection:keep-alive
post/http/1.1
Host:www.wrox.com
user-agent:mozilla/5.0 (Windows; U Windows NT 5.1; En-us; rv:1.7.6)
gecko/20050225 firefox/1.0.1
content-type:application/x-www-form-urlencoded
Content-length:40
Connection:keep-alive
(----empty line here----)
Name=professional%20ajax&publisher=wiley
With the above understanding and examples of HTTP requests, let's look at the differences between the two ways to commit:
(1) Get commit, the requested data will be appended to the URL (that is, the data placed in the HTTP protocol header), in order to split the URL and transfer data, multiple parameters with & connection; for example: login.action?name=hyddd&password= IDONTKNOW&VERIFY=%E4%BD%A0%E5%A5%BD. If the data is an English letter/number, sent as is, if it is a space, converted to +, if it is Chinese/other characters, the string is directly encrypted with BASE64, such as:%E4%BD%A0%E5%A5%BD, where the xx in%xx is the symbol in 16 binary notation ASCII.
Post submission: Place the submitted data in the package of the HTTP packet. In the example above, the red font indicates the actual transfer data
As a result, the data submitted by get is displayed in the Address bar, while the post is submitted, the address bar does not change
(2) The size of the transmitted data: first of all: the HTTP protocol does not limit the size of the transmitted data, and the HTTP protocol specification does not limit the length of the URL.
The main limitations in the actual development are:
GET: Specific browsers and servers have restrictions on URL length, such as IE's limit on URL length is 2083 bytes (2k+35). For other browsers, such as Netscape, Firefox, etc., there is theoretically no length limit, and its limitations depend on the support of the operating system.
Therefore, for a get commit, the transmitted data is limited by the URL length.
POST: The theoretical data is not limited because it is not transmitted via a URL. However, the actual Web server will be required to limit the size of the post submission data, Apache, IIS6 have their own configuration.
(3) Security:
The security of post is higher than the security of get. Note: The security described here is not the same concept as the "security" mentioned in get above. The meaning of "security" above is simply not to make data changes, and the meaning of security here is the meaning of true security, such as: submit data through get, user name and password will appear in plaintext on the URL, because (1) the login page may be cached by the browser, (2) Other people to view the browser's history, Then others can get your account number and password, in addition, using get to submit data may also cause cross-siterequest forgery attack
(4) The HTTP GET,POST,SOAP protocol is run on HTTP
1) Get: The request parameter is appended to the URL as a sequence of key/value pairs (query string)
The length of the query string is limited by the Web browser and Web server (ie supports up to 2048 characters) and is not suitable for transporting large datasets at the same time, it is unsafe
2) Post: The request parameter is transmitted in a different part of the HTTP header (named Entitybody), which is used to transfer the form information, so the Content-type must be set to: application/ X-www-form-urlencoded. The post is designed to support user fields on Web Forms, and its parameters are also transmitted as key/value.
However: it does not support complex data types, because post does not define the semantics and rules for transferring data structures.
3) Soap: is a dedicated version of HTTP POST, followed by a special XML message format
Content-type is set to: Text/xml Any data can be XML
Three HTTP response
1. HTTP response Format:
<status line>//http Response status line
<blank line>//Carriage return line
[<response-body>]//http response body
The only real difference in response is that the first line uses state information instead of the request information. Status line describes the requested resource situation by providing a status code.
HTTP Response instance:
http/1.1 OK
Date:sat, Dec 2005 23:59:59 GMT
content-type:text/html;charset=iso-8859-1content-length:122
Wrox Homepage
!--body goes here-->
2. The most commonly used status codes are:
(OK): The resource was found and everything is OK.
304 (not MODIFIED): The resource has not been modified since the last request. This is commonly used for browser caching mechanisms.
401 (Unauthorized): The client does not have permission to access the resource. This usually causes the browser to require the user to enter a user name and password to log on to the server.
403 (FORBIDDEN): Client failed to get authorization. This is usually followed by an incorrect user name or password that was entered after 401.
404 (Not FOUND): The requested resource does not exist at the specified location.
Four complete Example:
Example:
HTTP GET
Send
Get/demowebservices2.8/service.asmx/cancelorder? Userid=string&pwd=string&orderconfirmation=string http/1.1
Host:api.efxnow.com
Reply
http/1.1 OK
Content-type:text/xml; Charset=utf-8
Content-length:length
<?xml version= "1.0" encoding= "Utf-8"?>
<objplaceorderresponse xmlns= "https://api.efxnow.com/webservices2.3" >
<Success>boolean</Success>
<ErrorDescription>string</ErrorDescription>
<ErrorNumber>int</ErrorNumber>
<CustomerOrderReference>long</CustomerOrderReference>
<OrderConfirmation>string</OrderConfirmation>
<CustomerDealRef>string</CustomerDealRef>
</objPlaceOrderResponse>
HTTP POST
Send
Post/demowebservices2.8/service.asmx/cancelorder http/1.1
Host:api.efxnow.com
content-type:application/x-www-form-urlencoded
Content-length:length
Userid=string&pwd=string&orderconfirmation=string
Reply
http/1.1 OK
Content-type:text/xml; Charset=utf-8
Content-length:length
<?xml version= "1.0" encoding= "Utf-8"?>
<objplaceorderresponse xmlns= "https://api.efxnow.com/webservices2.3" >
<Success>boolean</Success>
<ErrorDescription>string</ErrorDescription>
<ErrorNumber>int</ErrorNumber>
<CustomerOrderReference>long</CustomerOrderReference>
<OrderConfirmation>string</OrderConfirmation>
<CustomerDealRef>string</CustomerDealRef>
</objPlaceOrderResponse>
SOAP 1.2
Send
Post/demowebservices2.8/service.asmx http/1.1
Host:api.efxnow.com
Content-type:application/soap+xml; Charset=utf-8
Content-length:length
<?xml version= "1.0" encoding= "Utf-8"?>
<soap12:envelopexmlns:xsi= "Http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd= "http://www.w3.org/2001/ XmlSchema "xmlns:soap12=" Http://www.w3.org/2003/05/soap-envelope ">
<soap12:Body>
<cancelorder xmlns= "https://api.efxnow.com/webservices2.3" >
<UserID>string</UserID>
<PWD>string</PWD>
<OrderConfirmation>string</OrderConfirmation>
</CancelOrder>
</soap12:Body>
</soap12:Envelope>
Reply
http/1.1 OK
Content-type:application/soap+xml; Charset=utf-8
Content-length:length
<?xml version= "1.0" encoding= "Utf-8"?>
<soap12:envelopexmlns:xsi= "Http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd= "http://www.w3.org/2001/ XmlSchema "xmlns:soap12=" Http://www.w3.org/2003/05/soap-envelope ">
<soap12:Body>
<cancelorderresponse xmlns= "https://api.efxnow.com/webservices2.3" >
<CancelOrderResult>
<Success>boolean</Success>
<ErrorDescription>string</ErrorDescription>
<ErrorNumber>int</ErrorNumber>
<CustomerOrderReference>long</CustomerOrderReference>
<OrderConfirmation>string</OrderConfirmation>
<CustomerDealRef>string</CustomerDealRef>
</CancelOrderResult>
</CancelOrderResponse>
</soap12:Body>
</soap12:Envelope>
This article transferred from: http://hi.baidu.com/eveready/blog/item/585bbb30fbcee915eac4af27.html
1. Get is the data that is fetched from the server, and post is the data that is sent to the server.
Get and post are just a way to pass data, and get can send data to the server, essentially sending requests and receiving results. Only the organization format and the amount of data there is a difference, the HTTP protocol is introduced in the
2.get is the parameter data queue to submit the form of the Action property refers to the URL, the value and the form within the field one by one corresponding, can be seen in the URL. Post is the httppost mechanism by which the fields within the form are placed within the HTML header with their contents and routed to the URL address referred to by the Action property. The user does not see the process.
Because get is designed to transfer small data, and it is best not to modify the server's data, so the browser is generally seen in the address bar, but post is generally used to pass big data, or more private data, so in the address bar can not see, can see is not the protocol, is the browser rules.
3. For Get mode, the server side uses Request.QueryString to get the value of the variable, and for post, the server side uses Request.Form to obtain the submitted data.
don't understand, how to get the variable is related to your server, and get or post regardless, the server has encapsulated these requests
4. The amount of data sent by the get is less than 2KB. Post transmits a large amount of data, which is generally not restricted by default. In theory, however, the maximum amount of IIS4 is 100KB in 80KB,IIS5. The
Post basically has no limit, I think everybody uploads the file, all uses the post way. Just modify the type parameter in the form
5. Get security is very low, post security is high.
If there is no encryption, they are the same level of security, any listener can be all the data to listen to, do not believe you the next network resources to monitor the software,