HTTP Methods: GET vs. POST
The two most used HTTP methods are: GET and POST.
What is HTTP?
The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients and servers.
HTTP works as a request-response protocol between a client and server.
A web browser may be the client, and an application on a computer that hosts a web site may be the server.
Example: A client (browser) submits an HTTP request to the server; then the server returns a response to the client. The response contains status information about the request and may also contain the requested content.
Two HTTP Request Methods: GET and POST
Two commonly used methods for a request-response between a client and server are: GET and POST.
- GET - Requests data from a specified resource
- POST - Submits data to be processed to a specified resource
The GET Method
Note that the query string (name/value pairs) is sent in the URL of a GET request:
Some other notes on GET requests:
- GET requests can be cached
- GET requests remain in the browser history
- GET requests can be bookmarked
- GET requests should never be used when dealing with sensitive data
- GET requests have length restrictions
- GET requests should be used only to retrieve data
The POST Method
Note that the query string (name/value pairs) is sent in the HTTP message body of a POST request:
Some other notes on POST requests:
- POST requests are never cached
- POST requests do not remain in the browser history
- POST requests cannot be bookmarked
- POST requests have no restrictions on data length
Compare GET vs. POST
The following table compares the two HTTP methods: GET and POST.
|BACK button/Reload||Harmless||Data will be re-submitted (the browser should alert the user that the data are about to be re-submitted)|
|Bookmarked||Can be bookmarked||Cannot be bookmarked|
|Cached||Can be cached||Not cached|
|Encoding type||application/x-www-form-urlencoded||application/x-www-form-urlencoded or multipart/form-data. Use multipart encoding for binary data|
|History||Parameters remain in browser history||Parameters are not saved in browser history|
|Restrictions on data length||Yes, when sending data, the GET method adds the data to the URL; and the length of a URL is limited (maximum URL length is 2048 characters)||No restrictions|
|Restrictions on data type||Only ASCII characters allowed||No restrictions. Binary data is also allowed|
|Security||GET is less secure compared to POST because data sent is part of the URL
Never use GET when sending passwords or other sensitive information!
|POST is a little safer than GET because the parameters are not stored in browser history or in web server logs|
|Visibility||Data is visible to everyone in the URL||Data is not displayed in the URL|
Other HTTP Request Methods
The following table lists some other HTTP request methods:
|HEAD||Same as GET but returns only HTTP headers and no document body|
|PUT||Uploads a representation of the specified URI|
|DELETE||Deletes the specified resource|
|OPTIONS||Returns the HTTP methods that the server supports|
|CONNECT||Converts the request connection to a transparent TCP/IP tunnel|