How should I choose between GET and POST methods in HTML forms?

Question

I wish to know all the pros and cons about using these two methods. In particular the implications on web security.

Thanks.

Answer 1

The Google search engine is an example of a GET form, because you should be able to search twice in a row and not affect the results by doing this. It also has the nice effect that you can link to a search results page, because it is a normal GET request, like any other address.

As said previously, use POST for deleting or updating data, but I'd like to add that you should immediately redirect your user to a GET page.

http://en.wikipedia.org/wiki/Post/Redirect/Get

Answer 2

GET and POST method in HTTP are two most popular methods used to transfer data from client to server using HTTP(Hyper Text Transfer Protocol) protocol. Both GET and POST can be used to send request and receive response but there are significant difference between them.

What is GET HTTP Request? HTTP protocol supports several request method you can use while sending request using HTTP or HTTPS protocol. GET is one of them. As the name suggest GET method is to retrieve a page from HTTP Server. One important property of GET request is that any request parameter or query parameter is passed as URL encoded string, appended using "?" character which makes it non secure because whatever information you pass in URL String is visible to everybody.

When to use HTTP GET request As I said GET method is not secure and hence not a suitable choice for transferring confidential data but GET method is extremely useful for retrieving static content from web server. here are some examples where a using GET method make sense: There is no side effect of repeated request. for example clicking a link which points to another page. it doesn't matter if you click the link twice or thrice , This also gives chance browser of server to catch the response for faster retrieval. You are not passing any sensitive and confidential information. instead you just passing some configuration data or session id. You want URL pointed by HTTP GET request to be bookmark-able. Data requires to be sent to Server is not large and can safely accommodated in maximum length of URL supported by all browser. In general different browser has different character limit for URL length but having it under limit is good choice.

What is POST HTTP method POST HTTP request is denoted by method: POST in HTTP request. In POST method data is not sent as part of URL string to server instead in POST, data is sent as part of message body. Almost all authentication request is sent via POST method in HTTP world. POST method is secure because data is not visible in URL String and can be safely encrypted using HTTPS for further security. All sensitive and confidential information sent to be server must go on POST request and via HTTPS (HTTP with SSL). POST method is also used for submitting information to server, any information which can alter state of application like adding item into shopping cart, making payments etc. here are some examples where you should consider using POST method in HTTP request: Use POST if you are sending large data which can not be fit into URL in case of GET. Use POST method if you are passing sensitive and confidential information to server e.g. user_id, password, account number etc. Use POST method if you are submitting data which can alter state of application e.g. adding items into cart for passing that cart for payment processing. Use POST if you are writing secure application and don't want to show query parameters in URL.

Difference between GET and POST method in HTTP Protocol Most of the difference between GET and POST has been already discussed in there respective section. It all depends upon requirement when you want to choose GET and POST and knowledge of these differences help you to make that decision.

GET method passes request parameter in URL String while POST method passes request parameter in request body. GET request can only pass limited amount of data while POST method can pass large amount of data to server. GET request can be bookmarked and cached unlike POST requests. GET is mostly used for view purpose (e.g. SQL SELECT) while POST is mainly use for update purpose (e.g. SQL INSERT or UPDATE).

Referenced from here

Answer 3

To choose between them I use this simple rule:

GET for reads. (reading data and displaying it)

POST for anything that writes (i.e updating a database table, deleting an entry, etc.)

The other consideration is that GET is subjected to the maximum URI length and of course can't handle file uploads.

This page has a good summary.

Answer 4

Take a look at RFC 2616: Section 9 "HTTP/1.1 Method definitions"

Answer 5

GET passes data in the URL, POST passes the same data in the HTTP content, both are exactly the same from a security standpoint (that is, completely insecure unless you do something about it yourself, like using HTTPS).

GET is limited by the maximum URL length supported by the browser and web server, so it can only be used in short forms.

From an HTTP standard viewpoint GET requests should not change the site and browsers/ spiders are much more likely to make GET requests on their own (without the user actually clicking something) then POST requests.