Summary of differences between post and get

Source: Internet
Author: User
Tags html header

 

Difference between post and get

 

Isn't there a large string in the post address bar? Something like bjnghfgreygt

If it is get, it will appear

1. The get method uses a URL request to transmit user data. Each field name and its content in the form are connected to a pair of strings and placed after the URL of the program indicated by the Action property, like [url] http://www.mdm.com/test.asp? Name = ASD & Password = sad [/url], data will be directly displayed on the URL, just as the user clicks a link. The post method uses the http post mechanism, place the field names and content in the form in the HTML header and send them to the server for processing by the program that can be referred to by the Action attribute. The program will pass the standard input (stdin) to read and process the form data.


2. The get method uses request. querystring to obtain the value of the variable. The post method uses request. Form to access the submitted content.


3. The size of data transmitted in get mode is very small, generally around 2 kb, but the execution efficiency is better than that of POST method. The size of data transmitted in post mode is relatively large, it is waiting for the server to read data, but there are also byte restrictions. This is to avoid malicious attacks on the server using a large amount of data. According to Microsoft, Microsoft uses request. the maximum data size that form () can receive is limited. In IIS 4, it is 80 KB, and in IIS 5, it is 100 kb.

Suggestion: unless you are sure that the data you submit can be submitted at one time, use the POST method whenever possible.


4. If you submit data in get mode, security issues may occur. For example, when you submit data in get mode on a login page, the user name and password will appear on the URL, if the page can be cached or other users can access the customer's machine, the user's account and password can be obtained from the history. Therefore, the POST method is recommended for form submission; A common problem on the form page submitted by the post method is that if the page is refreshed, a dialog box will pop up.

Suggestion: For security reasons, it is recommended that you use post to submit data.

 

  Post What is different from get? Get The difference with post is: (for CGI) If the data is transmitted in get mode, the parameters attached to the CGI program URL are directly transmitted to the server and can be read from the QUERY_STRING environment variable on the server; If post transmission is used, the parameter is packaged and transmitted to the server in the datagram mode and can be read from the content_length environment variable. Another case is that you use the get method, but the transmitted parameter is the path, for example: ---- <Ahref = "/cgi-bin/a. pl/usr/local/bin/pine"> CGI </a> ---- The passed parameter "/usr/local/bin/pine" is stored in the environment variable path_info. The environment variable is read by $ STR =$ env {'query _ string '}; Theoretically, GET requests data from the server, and post requests data to the server. In fact, the get method adds the data parameter Queue (query string) to a URL, and the values correspond to the form one by one. For example, name = John. In the queue, values and forms are separated by an & symbol, spaces are replaced by signs, and special symbols are converted into hexadecimal code. Because this queue is in the URL, the queue parameters can be viewed, recorded, or changed. The get method also limits the character size. In fact, the POST method can transmit data to the server without time restrictions, and the user cannot see this process on the browser side. Therefore, the POST method is suitable for sending a confidential (such as a credit card number) or a large amount of data is sent to the server. Post Is a method that allows transmission of a large amount of data, And the get method will attach the data to be transmitted to the end of the website and then deliver the data together to the server. Therefore, the amount of data transmitted will be limited, however, the execution efficiency is better than the POST method. For the data submitted by get, the WWW Server puts the data in the environment variable QUERY_STRING; for the post method, the data is sent to the stdout of the WWW server, and then CGI reads data from its own stdin. With the traditional CGI method, users must program themselves to process the data. Get The difference with post is that, if transmitted in get mode, the parameter is appended to the CGI program URL and directly transmitted to the server, and can be read from the QUERY_STRING environment variable of the server; if post transmission is used, the parameter is packaged and transmitted to the server in the datagram mode and can be read from the content_length environment variable. Another case is that you use the get method, but the transmitted parameter is the path, for example:

---- <Ahref = "/cgi-bin/a. pl/usr/local/bin/pine"> CGI </a>

---- The passed parameter "/usr/local/bin/pine" is stored in the environment variable path_info. The environment variable is read by $ STR =$ env {'query _ string '};
To sum up: Get Method: Data parameters are transmitted using URL strings. on the server side, data can be directly read from the 'query _ string' variable, which is highly efficient but lacks security, and cannot process complex data (only strings, such as Servlet/JSP, cannot process and use Java functions such as vector ); Post Mode: In transmission mode, parameters are packaged and transmitted in the datagram. They are read from the environment variable content_length to facilitate the transmission of larger data, at the same time, because no data is exposed in the browser's address bar, the security is relatively high, but such processing efficiency will be affected. ------------------- Get And post Difference in requests  
// -- TCP/IP
Protocol details 3
13.3.1 Message Type: request and response
There are two types of HTTP/1. 0 packets: request and response. The format of the HTTP/1. 0 request is:
Reqe T-l I n e
Headers (0 or multiple)

Body (valid only for post requests)
Request-l I n e The format is:
Request request-Uri HTTP Version Number
The following three types of requests are supported:
1) for a g e t request, any information specified by re q u e S t-u r I is returned.
2) The h e a D request is similar to the g e t request, but the server program only returns the header information of the specified document, excluding the actual document content. This request is usually used to test the correctness, accessibility, and recent modifications of hypertext links.
3) p o s t requests are used to send emails, news, or forms that can be filled in by interactive users. This is the only request that needs to send B o d y in the request. When using a p o s t request, it must be in the header c o n t e n t-l e n g t h Field
The length of B o d y.
// -- TCP/IP protocol details 3

Understand? The GET request indicates that the client requests a URI, and the server returns the URI of the client request. the post request indicates that data must be submitted when the client requests a form, the data to be submitted is placed in the body of the request message. After receiving such a request, the server usually needs to process the data.
When applying for J2EE development, this question indicates that the question focuses on the difference in the server's processing of these two types of requests, rather than the difference in the packets of these two types of requests. Of course, as a JSP servlet developer, you will not feel the difference between the two types of requests, because the Web server has already processed these requests, when the Web server calls the corresponding JSP/servlet to respond to the client request, the web server has retrieved the data submitted by the client for the POST request and added it to the request object. However, the doget and dopost methods of servlet requests for get and post will be called in response. That is to say, if the client sends a GET request, the code you write to the dopost () method in the servlet will not be executed. If it is a POST request, it will be written in doget () the code in is not called (for all requests, the code written in doservice is called, because in the httpservlet class, doget dopost requests are distributed by doservice, for more information, see the servlet lifecycle ).
HTTP Request: difference between get and post Methods

HTTP defines different methods for interaction with the server. The most basic methods are get and post. In fact, get applies to most requests, while retaining post is only used to update sites. According to the HTTP specification, get is used to , and should be secure and idempotent. The so-called security means that this operation is used to  instead of modifying information. In other words, get requests generally do not have side effects. Idempotence means that multiple requests to the same URL should return the same result. The complete definition is not as strict as it looks. Basically, the goal is that when a user opens a link, she can be confident that the resource has not changed from her own perspective. For example, the front pages of news sites are constantly updated. Although the second request will return a different batch of news, this operation is still considered safe and idempotent because it always returns the current news. And vice versa. POST requests are not that easy. Post indicates a request that may change resources on the server. Taking the news site as an example, the reader's comments to the article should be implemented through the POST request, because the site is already different after the annotation is submitted (for example, an annotation appears below the article );
If method is not specified during form submission, the default value is get. The data submitted in form will be appended to the URL? Separated from the URL. The letter and digit characters are sent as they are, but spaces are converted to "" signs. Other symbols are converted to % xx. xx indicates the ASCII (or ISO Latin-1) of the symbol in hexadecimal notation) value. The data submitted for the GET request is placed in the HTTP Request Header, while the data submitted for the post is placed in the object data;
Data submitted in get mode can contain a maximum of 1024 bytes, whereas post mode does not.
Get Different from the post Method  In the B/S application, Data Interaction Between the foreground and the background is completed through the form in HTML. Form provides two data transmission methods: Get and post. Although they are all data submission methods, they are indeed quite different in actual transmission, and may have a serious impact on data. Although the Web Container has shielded some differences between the two for the convenience of obtaining variable values, it will be helpful to understand the differences between the two in future programming.
? The get and post methods in form correspond to the get and post methods in the HTTP protocol during data transmission. The main differences between the two are as follows:
? 1. Get is used to  from the server, while post is used to transmit data to the server.
? 2. Get adds the data in the form to the URL pointed to by action in the form of variable = value, and the two use "?" And each variable is connected by "&". Post puts the data in the form data body and passes the data to the URL indicated by the action according to the corresponding variables and values.
? 3. Get is insecure because data is stored in the request URL during transmission, nowadays, many existing servers, proxy servers, or user proxies record the request URL to a log file and place it in a certain place, so that some private information may be seen by a third party. In addition, you can directly view the submitted data in the browser. Some internal messages are displayed in front of the user. All post operations are invisible to users.
? 4. Get transmission has a small amount of data, mainly because it is restricted by the URL length; while post can transmit a large amount of data, so only post can be used for uploading files (of course, there is another reason, as mentioned later ).
? 5. Get restricts that the dataset value of form forms must be ASCII characters, while post supports the entire iso000046 character set.
? 6. Get is the default form method.
  ? Get The data format is the same as that of post:
The maximum byte limit supported by get is 2048 bytes.
The maximum number of bytes supported by post is 2 GB.
Use "Post" And "Get" What is the difference?
In form, you can use post or get. They are all valid values of method. However, the post and get methods are at least two different in use:
1. The get method transmits user input through URL requests. The post method is in another form.
2. You need to use request. querystring to obtain the value of the variable for get-based submission. When using post-based submission, you must use request. Form to access the submitted content.

Study the following code carefully. You can run it to feel it:

Code
<! -- Two forms have different method Attributes -->
<Form action = "getpost. asp" method = "get">
<Input type = "text" name = "text" value = "Hello World"> </input>
<Input type = "Submit" value = "method = get"> </input>
</Form>
<Br>
<Form action = "getpost. asp" method = "Post">
<Input type = "text" name = "text" value = "Hello World"> </input>
<Input type = "Submit" value = "method = post"> </input>
</Form>

<Br>
<Br>

<% If request. querystring ("text") <> "" Then %>
The string passed through the get method is: "<B> <% = request. querystring (" text ") %> </B>" <br>
<% End if %>

<% If request. Form ("text") <> "" Then %>
The string passed through the POST method is: "<B> <% = request. Form (" text ") %> </B>" <br>
<% End if %>

Description
Save the above Code as getpost. asp and run it. First test the POST method. At this time, the URL of the browser does not change, and the returned result is:
The string passed through the POST method is: "Hello World"
Then test the submission using the get method. Note that the URL of the browser is changed:
Http: // localhost/General/form/getpost. asp? TEXT = Hello + world
The returned result is:
The string passed through the get method is: "Hello World"
Finally, submit the file through the POST method. The URL of the browser is:
Http: // localhost/General/form/getpost. asp? TEXT = Hello + world
The returned result is:
The string passed through the get method is: "Hello World"
The string passed through the POST method is: "Hello World"

Prompt
Submitting data through the get method may cause security issues. For example, a login page. When you submit data using the get method, the user name and password will appear on the URL. If:
1. the login page can be cached by the browser;
2. Others can access the customer's machine.
Then, others can read the customer's account and password from the browser's history. Therefore, in some cases, the get method may cause serious security problems.
Suggestions
In form, the POST method is recommended.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.