The difference between post and get in PHP

If someone asks you, get and post, what's the difference? How would you respond?

My experience.

I was asked this question a few days ago. I say get is used to get data, POST, which is generally used to send data to the server.

The answer seems not to be what he wants. So he went on asking if there was any other difference? I say it's just a name, and if the server supports it, he can change the get to a name called GET2. He asked, is that the simple name of the difference? I think, I think that if the specific difference, can only go to see the RFC document, but also depends on the server (refers to Apache,iis) the specific implementation. But I have to admit, I did not look closely at the RFC documentation for HTTP. So I said, I'm not familiar with the HTTP protocol. This is the end of the question.

The most common answer

After coming back and thinking for a long time, what was he trying to ask me? I've always felt that get and post have nothing to do with anything other than semantics, since I started learning about Web programming.

Probably a lot of people have guessed that the answer he wants is:

Get uses a URL or cookie to pass a parameter. And the post puts the data in the body.

The URL of get is limited in length, then the post data can be very large.

Post is safer than get because the data is not visible on the address bar.

Unfortunately, these distinctions are all wrong, and, unfortunately, the answer is the headline of Google search, but I don't think they are the answer, because in my opinion they are all wrong. Let me explain to you in one by one.

1. Get and post are not related to how data is delivered

Get and post are defined by the HTTP protocol. In the HTTP protocol, method and data (URL, Body, Header) are two orthogonal concepts, that is, there is no correlation between the method used and how the application layer's data is transmitted.

HTTP is not required, if the method is the post data will be placed in the body. There is no requirement that if the method is get, the data (parameters) must be placed in the URL instead of being placed in the body.

So, where does the idea of the internet spread widely? I found a similar description in the HTML standard. This is consistent with the online spread of the statement. However, this is only a convention for the use of the HTTP protocol by the HTML standard. How can it be the difference between get and post?

Also, modern Web servers support requests that contain the body in get. Although this request may not be issued from the browser, but now the Web server is not only for the browser, has completely exceeded the scope of the HTML server.

What's the use of knowing this? I don't want to explain, sometimes I have to hurt myself to remember to live.

2. The HTTP protocol has no limit on the length of Get and post

The HTTP protocol explicitly states that neither the HTTP header nor the body has a length requirement. There are two reasons for the limitation of URL length:

Browser. It is said that the early browser will limit the length of the URL. It is said that IE will limit the length of the URL to 2048 characters characters (spread very wide, and many colleagues agree). But I tried it myself, and I constructed a 90K URL to access live.com through IE9, which is normal. Things on the internet, even on Wikipedia, can't be trusted.

Server. The URL is long and is a burden on server processing. There is not much data for a session, and now if someone maliciously constructs a few m-sized URLs and keeps accessing your server. The maximum number of concurrent servers will obviously drop. Another way to attack is to tell the server content-length is a very large number, and then only to the server to send a little data, hey, the server you are silly to wait to go. Even if you have a timeout setting, this deliberate secondary access timeout can also make the server suffer. In view of this, most servers for security, stability considerations, the URL length will be added restrictions. However, this restriction is for all HTTP requests and is not related to get or post.

Security insecure and get, post does not matter

I think this is really Chinese characteristics. I'll tell you a little joke, and everyone should be able to understand how ridiculous this is.

People who feel that post data is safer than get data will say

"Anti-gentleman is not a villain; China small white more, can prevent small white users on the line." ”

"Hum," I do not think, "then you do not say, url parameters are encode, or Base64, small white also can not understand AH." ”

The man retorted, "Encode is too simple, smart little white can easily be decode and modified." ”

I laughed, "kettle black Ear, and then the clever little white will also cut the packet and re-hair, Opera has this function." ”

The man sinister sacrificed the artifact--the power of final interpretation, said, "This is not a small white." ”

My day.

The last bit of feeling

I've been a Windows desktop app before, and I didn't know much about web development until I turned to server-side development more than a year ago to start contacting HTTP. (Note that I'm talking about HTTP, not HTML.) The server Open interface is designed based on the rest concept, and the protocol used is HTTP, but the content being transmitted is not HTML. This is not a Web Server, but a web Service)

So my understanding of get and post is purely rooted in the HTTP protocol. They only have a bit of a fundamental difference, simply say, one for getting data, one for modifying data. Please refer to the RFC documentation for details.

If a person in the beginning to do web development, it is likely to use HTML to the HTTP protocol, as the HTTP protocol is the only reasonable use of the way. Thus made a sweeping mistake.

Maybe someone will think I'm in a dead alley. I just do not like ambiguous, do not like the border is unclear, the concept is not clear, do not like "take doctrine", also do not like to be other like the person who likes to ridicule the shame.

At this end of the tutorial, if you want to learn more about the tutorials, you can go to the public wisdom.

The difference between post and get in PHP