Geek Answers Handbook

GET or POST, which method to use to submit the form?

I am writing a web form for my Ruby on Rails application. The form has a text box, some flags, a set of radio buttons, and two text boxes.

What are the pros and cons of using GET over POST and vice versa. I always thought you should use GET to get the form and POST to submit, but I just found out that you can do both. Does it really matter? Greetings.

<% form_tag({ :action => "create" }, :method => "get") do %>
+4
source share
4 answers

GET requests are always added to the URL where the POST is sent along with the request body. As you noticed, both can be used to retrieve and send data, but there are some differences:

  • Since a GET is sent with a URL, you are limited in size to the maximum length of the query string. It depends on the browser and browser, but is usually at least 2,000 characters (in modern browsers). This is usually not suitable for sending large text fields (e.g. email).

  • HOW the GET command is displayed in the query string, which the user can easily modify by the user.

  • Since the GET command is in the query line, it becomes easier for the user to add bookmarks to a specific page, assuming that your page will work with saved state variables.

  • POST is usually more suitable for sending data since it matches the nature of the request, mainly due to the limitations above.

+17
source

HTML specifications technically define the difference between them as β€œGET” means that the form data must be encoded (by the browser) in the URL, while β€œPOST” means the form data must appear in the body of the message.

However, a recommendation for use would be that the GET method should be used when form processing is "idempotent", and only in those cases. As a simplification, you can say that β€œGET” is mainly intended for receiving (receiving) data, while β€œPOST” can include anything, for example, storing or updating data or orders for a product or sending e-mail.

+5
source

Depends on whether you are semantic or not. Both GET and POST have an internal value if you create an HTML-based API. But in general, GET is used to retrieve data, POST is used to send data.

The biggest difference is that GET puts all the data in a URL (which may be limited in size), while POST sends it as part of the HTTP request data. If you allow data entry using GET requests, you also make many web exploits much easier, such as CSRF. Someone can simply make a pre-filled link to an action of a vulnerable form (say, a password change form?), Send it to unsuspecting users who click on it and unknowingly change their password.

In addition, no browser will warn the user if he refreshes the GET page, which performs data entry (which will make a duplicate entry, if you are not careful), but in POST most browsers will show a warning.

+1
source

I think the other answers related to the main material. I also want to add this bit. Using GET for critical data, such as sending a password on a GET request, will cause the password to be larger than POST, as it will be stored in the browser history cache, proxy caches, server logs, etc.

+1
source

More articles:


All Articles