The difference between an HTTP post and a Get

Source: Internet
Author: User
Tags abs base64 html header http post iis soap representational state transfer





One principle Difference



Generally in the browser to enter the URL access resources are through the get way, in form submission, you can specify the way to submit by using method for Get or post, the default is to submit



HTTP defines different methods of interacting with the server, and the most basic methods are 4 kinds, namely get,post,put,delete



URL full name is a resource descriptor, we can think of: a URL address, which is used to describe a network of resources, and HTTP get,post,put,delete corresponding to this resource to check, change, increase, delete 4 operations. Here, you should have a general understanding, get is generally used to obtain/query resource information, and post is generally used to update resource information ( personally think that this is the essential difference between get and post, but also the intention of the Protocol designers, the other differences are specific manifestations of differences ).



According to the HTTP specification, get is used for information acquisition, and should be secure and idempotent.



1. The so-called security means that the operation is used to obtain information rather than modify information. In other words, get requests should not generally have side effects. That is, it simply gets the resource information, like a database query, that does not modify, adds data, and does not affect the state of the resource.



* Note: The meaning of security here is simply to modify information.



2. Idempotent means that multiple requests to the same URL should return the same result. Here, I'll explain the concept of idempotent : idempotent (idempotent, idempotence) is a mathematical or computational concept that is common in abstract algebra.
Idempotent has the following definitions:
For monocular operations, if an operation is the same as the result of doing this operation for a number of times in a range, then we call the Operation Idempotent. For example, the absolute value operation is an example, in the real number concentration, has abs (a) = ABS (ABS (a)).
For binocular operations, it requires that when the two values of the participating operation are equivalent, if the result of the operation is equal to the two values of the participating operation, it is said that the power of the operation, such as the function of the maximum of two numbers, has a power in the real number, that is, max (x,x) = x.



After reading this explanation, you should be able to understand the meaning of get idempotent.



But in practical applications, the above 2 provisions are not so strict. Cite examples of other people's articles: for example, the front page of a news site is constantly updated. Although the second request returns a different batch of news, the operation is still considered safe and idempotent, as it always returns the current news. Fundamentally, if the goal is when a user opens a link, he can be sure that from his point of view there is no change in resources.



According to the HTTP specification, post represents a request that might modify a resource on a variable server. Continue to cite the example above: or the news to the website, for example, readers of the news to publish their own comments should be implemented by post, because the site after the comments submitted resources are different, or the resources have been modified.



It probably says some of the original reason questions about Get and post in the HTTP specification. But in practice, many people do not follow the HTTP specification, which causes many reasons for this problem, such as:



1. Many people are greedy for convenience, update the resource with GET, because the post must be to form (form), this will be a bit of trouble.



2. The increase of resources, delete, change, check operation, in fact, can be completed through the get/post, do not need to use put and delete.



3. Another is that early but web MVC framework designers have not consciously viewed and designed URLs as abstract resources. A more serious problem is that the traditional Web MVC framework basically supports both get and post two HTTP methods, not the put and delete methods.



* Explain briefly MVC:MVC is originally in the desktop program, m refers to the data model, v refers to the user interface, C is the controller. The purpose of using MVC is to separate the implementation code of M and v so that the same program can use different representations.



The above 3 points typically describe the old style (no strict adherence to the HTTP specification), and as the architecture progresses, there is now rest (representational state Transfer), a new style of support for HTTP specifications, not to mention here, refer to the RESTful Web Services.



Two expression form differences



Figuring out the difference between the two principles, let's take a look at the difference in their actual application:



To understand the difference in the transmission process, let's look at the format of the HTTP protocol:



HTTP request:



<request line>//http Request Line




<blank line>//carriage return line wrapping



[<request-body>]//http request body



In an HTTP request, the first line must be a request line, which describes the type of request, the resource to be accessed, and the HTTP version used. This is followed by a header (header) section that describes the additional information that the server will use. After the header is a blank line, after which you can add any additional data [called the body].



Get and Post Method instance:
Get/books/?sex=man&name=professional http/1.1
Host:www.wrox.com
user-agent:mozilla/5.0 (Windows; U Windows NT 5.1; En-us; rv:1.7.6)
gecko/20050225 firefox/1.0.1
Connection:keep-alive

post/http/1.1
Host:www.wrox.com
user-agent:mozilla/5.0 (Windows; U Windows NT 5.1; En-us; rv:1.7.6)
gecko/20050225 firefox/1.0.1
content-type:application/x-www-form-urlencoded
Content-length:40
Connection:keep-alive
(----a blank line here----)
Name=professional%20ajax&publisher=wiley






With the above understanding and examples of HTTP requests, let's look at the differences between the two submissions:



(1) Get submit, the requested data will be appended to the URL (that is, put the data in the HTTP protocol header), to split the URL and transfer data, multiple parameters with & connection; for example: login.action?name=hyddd&password= Idontknow&verify=%e4%bd%a0%E5%A5%BD. If the data is an English letter/number, sent as is, if it is a space, converted to +, if it is Chinese/other characters, the string is directly encrypted with BASE64, such as:%E4%BD%A0%E5%A5%BD, where the xx in%xx for the symbol in the 16 in ASCII representation.



Post submission: The submitted data is placed in the package body of the HTTP package. The red font in the example above indicates the actual transfer data



Therefore, the data submitted by get is displayed in the Address bar, and post submission, the Address bar does not change



(2) The size of the transmitted data: first of all, the HTTP protocol does not limit the size of the data transmitted, nor does the HTTP protocol specification limit the length of the URL.



And in the actual development of the main limitations are:



Get: Specific browsers and servers have restrictions on the length of URLs, such as IE's limit of 2083 bytes (2k+35) for URL lengths. For other browsers, such as Netscape, Firefox, etc., there is no theoretical length limit, the limit depends on the operating system support.



So for get commits, the transfer data is limited by the length of the URL.



POST: Theoretically, the data is not restricted because it is not passed through a URL. However, the actual Web server will specify the size of the post submission data limits, Apache, IIS6 have their own configuration.



(3) Security:



Post is more secure than get. Note: The security described here is not the same concept as the "security" mentioned above. The meaning of the above "security" is simply not to make data modifications, and here the meaning of security is the meaning of the real, for example: to submit data through get, user name and password will be clear on the URL, because (1) login page is likely to be cached by the browser, (2) Other people to view the history of the browser, Then others can get your account number and password, in addition, use get submit data may also cause Cross-site request forgery attack



(4) HTTP GET,POST,SOAP protocol is run on HTTP
1 Get: The request parameter is appended to the URL as a sequence of key/value pairs (the query string).
The length of the query string is limited by the Web browser and Web server (ie supports up to 2048 characters) and is not suitable for transporting large datasets while it is unsafe
2 post: The request parameter is transmitted in a different part of the HTTP header (named entity body), which is used to transfer the form information, so the Content-type must be set to: application/x-www-form- Urlencoded. Post design is used to support user fields on Web Forms, and their parameters are also transferred as Key/value.
However: it does not support complex data types because post does not define the semantics and rules of the transport data structure.
3 soap: is a special version of HTTP POST, followed by a special XML message format
Content-type set to: Text/xml Any data can be XML



Three HTTP response
1. HTTP response Format:



<status line>//http Response status line
<blank line>//carriage return line wrapping
[<response-body>]//http response body

The only real difference in response is that the first line replaces the request information with state information. The status line indicates the requested resource condition by providing a status code.

HTTP Response instance:

http/1.1 OK
Date:sat, Dec 23:59:59 GMT
Content-type:text/html;charset=iso-8859-1 content-length:122








Wrox Homepage


!--body goes here-->


2. The most commonly used status codes are:

(OK): Found the resource, and everything is OK.
304 (not MODIFIED): The resource has not been modified since the last request. This is commonly used for caching mechanisms in browsers.
401 (Unauthorized): The client is not authorized to access the resource. This usually causes the browser to require the user to enter a user name and password to log on to the server.
403 (Forbidden): Client failed to obtain authorization. This is usually followed by an incorrect user name or password entered after 401.
404 (Not FOUND): The requested resource does not exist at the specified location.



Four complete Example:



Example:



HTTP Get

Send

Get/demowebservices2.8/service.asmx/cancelorder? Userid=string&pwd=string&orderconfirmation=string http/1.1
Host:api.efxnow.com

Reply

http/1.1 OK
Content-type:text/xml; Charset=utf-8
Content-length:length

<?xml version= "1.0" encoding= "Utf-8"?>
<objplaceorderresponse xmlns= "https://api.efxnow.com/webservices2.3" >
<Success>boolean</Success>
<ErrorDescription>string</ErrorDescription>
<ErrorNumber>int</ErrorNumber>
<CustomerOrderReference>long</CustomerOrderReference>
<OrderConfirmation>string</OrderConfirmation>
<CustomerDealRef>string</CustomerDealRef>
</objPlaceOrderResponse>



HTTP POST

Send

Post/demowebservices2.8/service.asmx/cancelorder http/1.1
Host:api.efxnow.com
content-type:application/x-www-form-urlencoded
Content-length:length

Userid=string&pwd=string&orderconfirmation=string

Reply

http/1.1 OK
Content-type:text/xml; Charset=utf-8
Content-length:length

<?xml version= "1.0" encoding= "Utf-8"?>
<objplaceorderresponse xmlns= "https://api.efxnow.com/webservices2.3" >
<Success>boolean</Success>
<ErrorDescription>string</ErrorDescription>
<ErrorNumber>int</ErrorNumber>
<CustomerOrderReference>long</CustomerOrderReference>
<OrderConfirmation>string</OrderConfirmation>
<CustomerDealRef>string</CustomerDealRef>
</objPlaceOrderResponse>



SOAP 1.2

Send

Post/demowebservices2.8/service.asmx http/1.1
Host:api.efxnow.com
Content-type:application/soap+xml; Charset=utf-8
Content-length:length

<?xml version= "1.0" encoding= "Utf-8"?>
<soap12:envelope xmlns:xsi= "http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd= "http://www.w3.org/2001/ XmlSchema "xmlns:soap12=" Http://www.w3.org/2003/05/soap-envelope ">
<soap12:Body>
<cancelorder xmlns= "https://api.efxnow.com/webservices2.3" >
<UserID>string</UserID>
<PWD>string</PWD>
<OrderConfirmation>string</OrderConfirmation>
</CancelOrder>
</soap12:Body>
</soap12:Envelope>

Reply

http/1.1 OK
Content-type:application/soap+xml; Charset=utf-8
Content-length:length

<?xml version= "1.0" encoding= "Utf-8"?>
<soap12:envelope xmlns:xsi= "http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd= "http://www.w3.org/2001/ XmlSchema "xmlns:soap12=" Http://www.w3.org/2003/05/soap-envelope ">
<soap12:Body>
<cancelorderresponse xmlns= "https://api.efxnow.com/webservices2.3" >
<CancelOrderResult>
<Success>boolean</Success>
<ErrorDescription>string</ErrorDescription>
<ErrorNumber>int</ErrorNumber>
<CustomerOrderReference>long</CustomerOrderReference>
<OrderConfirmation>string</OrderConfirmation>
<CustomerDealRef>string</CustomerDealRef>
</CancelOrderResult>
</CancelOrderResponse>
</soap12:Body>
</soap12:Envelope>





This article turns from: http://hi.baidu.com/eveready/blog/item/585bbb30fbcee915eac4af27.html







Get and post are just a way of passing data, and getting can upload data to the server, and their essence is to send requests and receive results. There is a difference between the organization format and the amount of data, which is described in the HTTP protocol
2. Get is to add the parameter data queue to the URL of the action attribute that submits the form, and the value corresponds to each field one by one in the form, which can be seen in the URL. Post is the HTTP post mechanism that places the fields in the form and their contents in the HTML header to the URL address that the action attribute refers to. This process is not visible to the user.
Because get is designed to transmit small data, and it is best not to modify the server data, so the browser is generally in the address bar can be seen, but post is generally used to pass large data, or compare the privacy of the data, so in the address bar see, can not see the agreement is not stipulated, is the browser.
3. For Get way, server end uses Request.QueryString to obtain variable value, for post way, server end uses Request.Form to obtain the submitted data.
Don't understand, how to get the variable and your server-related, and not get or post, the server has to do the encapsulation of these requests
4. The amount of data transferred by get is small and cannot be greater than 2KB. Post transfers have a large amount of data, which is generally default to unrestricted. In theory, however, the maximum number of IIS4 is 100KB in 80KB,IIS5.
Post basically no limit, I think we all uploaded files, are the post way. Just to change the type parameter inside the form
5. Get security is very low, post security is high.
If there is no encryption, they are the same level of security, any listener can be all the data to listen to, do not trust yourself next monitor network resources software,












On HTTP POST and put



HTTP defines different methods of interacting with the server, and the most basic methods are 4 kinds, namely get,post,put,delete. URL full name is a resource descriptor, we can think of: a URL address, which is used to describe a network of resources, and HTTP get,post,put,delete corresponding to this resource to check, change, increase, delete 4 operations. Here, you should have a rough idea, get is generally used to obtain/query resource information, and post is generally used to update resource information.



  1. According to the HTTP specification, get is used for information acquisition and should be secure and idempotent.



(1). The so-called security means that the operation is used to obtain information rather than modify information. In other words, get requests should not generally have side effects. That is, it simply gets the resource information, like a database query, that does not modify, adds data, and does not affect the state of the resource.



* Note: The meaning of security here is simply to modify information.



(2). Idempotent means that multiple requests to the same URL should return the same result. Here, I'll explain the concept of idempotent : idempotent (idempotent, idempotence) is a mathematical or computational concept that is common in abstract algebra.
Idempotent has several definitions:
For monocular operations, if an operation is the same as the result of doing this operation for a number of times in a range, then we call the Operation Idempotent. For example, the absolute value operation is an example, in the real number concentration, has abs (a) = ABS (ABS (a)).
For binocular operations, it requires that when the two values of the participating operation are equivalent, if the result of the operation is equal to the two values of the participating operation, it is said that the power of the operation, such as the function of the maximum of two numbers, has the power in the real number concentration, that is, max (x,x) = x.



After reading this explanation, you should be able to understand the meaning of get idempotent.



But in practical applications, the above 2 provisions are not so strict. Cite examples of other people's articles: for example, the front page of a news site is constantly updated. Although the second request returns a different batch of news, the operation is still considered safe and idempotent, as it always returns the current news. Fundamentally, if the goal is when a user opens a link, he can be sure that from his point of view there is no change in resources.



  2. According to the HTTP specification, post represents a request that might modify a resource on a variable server. Continue to cite the example above: or the news to the website, for example, readers of the news to publish their own comments should be implemented by post, because the site after the comments submitted resources are different, or the resources have been modified.






It probably says some of the original reason questions about Get and post in the HTTP specification. But in practice, many people do not follow the HTTP specification, which causes many reasons for this problem, such as:



  1. Many people are greedy for convenience, update the resource with GET, because the post must be to form (form), this will be a bit of trouble.



  2. The increase of resources, delete, change, check operation, in fact, can be completed through the get/post, do not need to use put and delete.



  3. Another is that the early web MVC framework designers did not consciously view and design URLs as abstract resources, so a more serious problem is that the traditional Web MVC framework basically supports only get and post two HTTP methods, The put and delete methods are not supported.



* Explain briefly MVC:MVC is originally in the desktop program, m refers to the data model, v refers to the user interface, C is the controller. The purpose of using MVC is to separate the implementation code of M and v so that the same program can use different representations.



The above 3 points typically describe the old style (no strict adherence to the HTTP specification), and as the architecture progresses, there is now rest (representational state Transfer), a new style of support for HTTP specifications, not to mention here, refer to the RESTful Web Services.






Having said the question of the original reason, we can look at the difference between get and post from the surface as above:



  1. The data for the GET request is appended to the URL (that is, the data is placed in the HTTP protocol header) to split the URL and transmit the data, and the parameters are connected to the &, such as: Login.action?name=hyddd&password=idontknow &VERIFY=%E4%BD%A0%E5%A5%BD. If the data is an English letter/number, sent as is, if it is a space, converted to +, if it is Chinese/other characters, the string is directly encrypted with BASE64, such as:%E4%BD%A0%E5%A5%BD, where the xx in%xx for the symbol in the 16 in ASCII representation.



Post puts the submitted data in the package body of the HTTP package.



  2. " Get way to submit the data can only be 1024 bytes, theoretically post No limit, can pass a large number of data, IIS4 in the largest 80kb,iis5 in the 100KB "...



The above sentence is from other articles I turn over, in fact, this is wrong, inaccurate:



(1). First of all, "the data submitted by Get method can only be 1024 bytes", because get is to submit data through the URL, then the amount of data to be submitted can be directly related to the length of the URL. In fact, the URL does not have the problem of the upper limit of the parameters, the HTTP protocol specification does not limit the length of the URL. This restriction is restricted by specific browsers and servers. The Internet Explorer limit for URL length is 2083 bytes (2k+35). For other browsers, such as Netscape, Firefox, etc., there is no theoretical length limit, the limit depends on the operating system support.



Note that this limit is the length of the entire URL, not just the length of your parameter value data. [See Resources 5]



(2). In theory, post is not the size limit, the HTTP protocol specification is not the size limit, said that "post data volume exists 80k/100k size limit" is inaccurate, post data is unrestricted, the limit is the processing of the server's processing capacity.



For ASP programs, the request object has a 100K data length limit when it processes each form field. But there is no such limit if you use Request.BinaryRead.



Extended by this, for IIS 6.0, Microsoft has increased its restrictions for security reasons. We also need to note:



1). The maximum number of IIS 6.0 default ASP post data is 200KB, and each form field limit is 100KB.
2). The maximum size of the IIS 6.0 default upload file is 4MB.
3). The default maximum request header for IIS 6.0 is 16KB.
IIS 6.0 does not have these restrictions before. [See Resources 5]



So the above 80k,100k may be just the default value (Note: I haven't confirmed the parameters about IIS4 and IIS5), but I'm sure I can set it myself. Because each version of IIS does not have the same default values for these parameters, refer to the relevant IIS configuration documentation.



  3. In ASP, the server gets get request parameter with Request.QueryString, gets the POST request parameter with Request.Form. In JSP, use the REQUEST.G


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.