The difference between the get and post methods of the HTTP protocol one common argument
Believe that many people are more or less aware of the get and post differences, we most often say a few differences is just a few:
1. The request message format is different, that is, get uses a URL or a cookie to pass parameters, and post uses the body pass parameters:A. POST request format
Request method Request URL Protocol/version
Post/lance/query http/1.1
Request Header
accept:image/gif.image/jpeg,*/*
Accept-language:zh-cn
Content-length:28
The body of the request, with a blank line before the request header
Username=lance&password=abcd
B. Get request format
Request method Request URL Protocol/version
POST/LANCE/QUERY?USERNAME=LANCE&PASSWORD=ABCD http/1.1
Request Header
accept:image/gif.image/jpeg,*/*
Accept-language:zh-cn
2. Get URLs will have a length limit, and post data can be not limited by the URL, can be very large 3. Post is safer than get because the pass-through parameter is not visible in the URLIt's understandable if you're a newly graduated undergraduate, and if you're an old driver after you've been working for n years, you're not going to understand that.
ii. Truth and facts
1. Get and post are not related to the way parameters are passed
Get and Post are the methods defined by the HTTP protocol, using a combination of methods, URLs, body, and headers, with no restrictions on which method to use and what parameters to use (the post can also use URL parameters, get can also use body parameters). However, the HTML standard for the specification of use, do get and post instructions, so we will produce get and post the way of misunderstanding. However, many modern servers not only support the use of browser access, but also support the use of other clients outside the browser, there is no consideration of the HTML standard conventions. 2. URL Length Limitations
HTTP protocol does not limit the length of url,body and headers, but different browsers and servers in the implementation of the HTTP protocol, in order not to affect the service, improve the availability of services, the general restrictions, different browser and server specific length restrictions, Many services can set the maximum data request length by configuration:
Browser: Maximum URL length (from: http://www.cnblogs.com/henryhappier/archive/2010/10/09/1846554.html, for reference only)
ie:2083 characters
firefox:65,536 characters
safari:80,000
opera:190,000
Google chrome:8182 3. Security issues
Because get and post are not related to the way parameters are passed, there is no more secure get than post. But for the HTML standard conventions of Get and post, one for getting data, and one for modifying data, the security issues are as follows:
When the Web Server client browser submits the data, it first saves the data to the memory receiving buffer, and then the processing action is done later. Since the Post method has a content-length length tag (content-length if present, it must be equal to the transmission length of the message content, if it is too short it will be truncated and too long will result in a timeout). The Web server creates a storage space that is equal to or larger depending on the size of the content-length, and for the Get method, because it does not know the size of the data submitted, it can only estimate the length of the buffer, and if the estimated size is large and the received data is very small, it can waste memory, and if the estimate is smaller than the can cause a buffer overflow.
Resources:
1.http://blog.sina.com.cn/s/blog_9f6de58301018axo.html
2.http://www.cnblogs.com/henryhappier/archive/2010/10/09/1846554.html