HTTP method: GET vs. POST
- HTTP message
- Label list (alphabetical order)
The two most common HTTP methods are: GET and POST.
What is HTTP?
The Hypertext Transfer Protocol (HTTP) is designed to ensure communication between the client and the server.
HTTP works as a request-response protocol between the client and the server.
A Web browser might be a client, and a network application on a computer might be a server-side.
Example: the client (browser) submits an HTTP request to the server, and the server returns a response to the client. The response contains status information about the request and what might be requested.
Two methods of HTTP request: GET and POST
In the request-response between the client and the server, the two most commonly used methods are: GET and POST.
- GET-Requests data from the specified resource.
- POST-submits the data to be processed to the specified resource
GET method
Note that the query string (name/value pair) is sent in the URL of the GET request:
/test/demo_form.asp?name1=value1&name2=value2
Some additional comments about the GET request:
- Get requests can be cached
- GET requests remain in browser history
- Get requests can be bookmark-Favorites
- GET requests should not be used when handling sensitive data
- Get request has a length limit
- GET requests should only be used to retrieve data
POST method
Note that the query string (name/value pair) is sent in the HTTP message body of the POST request:
Post/test/demo_form.asp http/1.1host:w3schools.comname1=value1&name2=value2
Some additional comments about the POST request:
- POST requests are not cached
- POST requests are not persisted in browser history
- POST cannot be bookmarked
- POST request has no requirement for data length
Compare GET to POST
The following table compares the two HTTP methods: GET and POST.
|
GET |
POST |
Back button/refresh |
harmless |
data will be re-mentioned (The browser should inform the user that the data will be resubmitted). |
bookmarks |
bookmark bookmarks |
cannot be bookmarked |
cache |
can be cached |
cannot be slowed Save |
encoding type |
application/x-www-form-urlencoded |
application/x-www-form-urlencoded or Multipart/form-data. Use multiple encodings for binary data. The |
history |
parameter remains in the browser history. The |
parameter is not saved in the browser history. |
Restrictions on the length of data |
Yes. When data is sent, the GET method adds data to the URL, and the length of the URL is limited (the maximum length of the URL is 2048 characters). |
is unrestricted. |
restrictions on data types |
allow only ASCII characters. There is no limit to |
. Binary data is also allowed. |
security |
GET is less secure than POST because the data sent is part of the URL. Never use GET when sending passwords or other sensitive information! |
POST is more secure than GET because parameters are not saved in the browser history or Web server logs. |
Visibility |
data is visible to everyone in the URL. The |
data is not displayed in the URL. |
Other HTTP Request Methods
Some other HTTP request methods are listed in the following table:
Method |
Description |
HEAD |
Same as GET, but returns only the HTTP header and does not return the document body. |
PUT |
Uploads the specified URI representation. |
DELETE |
Deletes the specified resource. |
OPTIONS |
Returns the HTTP methods supported by the server. |
CONNECT |
Convert the request connection to a transparent TCP/IP channel. |
HTTP method: GET vs. POST