When should I use GET or POST method What s the difference between them

Question

What s the difference when using GET or POST method  Which one is more secure  What are  dis advantages of each of them    similar question

User · Answer

The reason for using POST when making changes to data:

A web accelerator like Google Web Accelerator will click all (GET) links on a page and cache them. This is very bad if the links make changes to things.
A browser caches GET requests so even if the user clicks the link it may not send a request to the server to execute the change.
To protect your site/application against CSRF you must use POST. To completely secure your app you must then also generate a unique identifier on the server and send that along in the request.

Also, don't put sensitive information in the query string (only option with GET) because it shows up in the address bar, bookmarks and server logs.

Hopefully this explains why people say POST is 'secure'. If you are transmitting sensitive data you must use SSL.

User · Answer

You should use POST if there is a lot of data  or sort-of sensitive information  really sensitive stuff needs a secure connection as well     Use GET if you want people to be able to bookmark your page  because all the data is included with the bookmark    Just be careful of people hitting REFRESH with the GET method  because the data will be sent again every time without warning the user  POST sometimes warns the user about resending data

User · Answer

GET method is use to send the less sensitive data whereas POST method is use to send the sensitive data  Using the POST method you can send large amount of data compared to GET method  Data sent by GET method is visible in browser header bar whereas data send by POST method is invisible

User · Answer

You should use POST if there is a lot of data  or sort-of sensitive information  really sensitive stuff needs a secure connection as well     Use GET if you want people to be able to bookmark your page  because all the data is included with the bookmark    Just be careful of people hitting REFRESH with the GET method  because the data will be sent again every time without warning the user  POST sometimes warns the user about resending data

User · Answer

This W3C document explains the use of HTTP GET and POST   I think it is an authoritative source   The summary is  section 1 3 of the document          Use GET if the interaction is more like a question  i e   it is a safe operation such as a query  read operation  or lookup     Use POST if          The interaction is more like an order  or   The interaction changes the state of the resource in a way that the   user would perceive  e g   a subscription to a service   or   The user be held accountable for the results of the interaction

User · Answer

It s not a matter of security  The HTTP protocol defines GET-type requests as being idempotent  while POSTs may have side effects  In plain English  that means that GET is used for viewing something  without changing it  while POST is used for changing something  For example  a search page should use GET  while a form that changes your password should use POST   Also  note that PHP confuses the concepts a bit  A POST request gets input from the query string and through the request body  A GET request just gets input from the query string  So a POST request is a superset of a GET request  you can use   GET in a POST request  and it may even make sense to have parameters with the same name in   POST and   GET that mean different things   For example  let s say you have a form for editing an article  The article-id may be in the query string  and  so  available through   GET  id     but let s say that you want to change the article-id  The new id may then be present in the request body    POST  id     OK  perhaps that s not the best example  but I hope it illustrates the difference between the two

User · Answer

Get and Post methods have nothing to do with the server technology you are using  it works the same in php  asp net or ruby  GET and POST are part of HTTP protocol  As mark noted  POST is more secure  POST forms are also not cached by the browser  POST is also used to transfer large quantities of data

User · Answer

When the user enters information in a form and clicks Submit   there are two ways the information can be sent from the browser to the server  in the URL  or within the body of the HTTP request   The GET method  which was used in the example earlier  appends name value pairs to the URL  Unfortunately  the length of a URL is limited  so this method only works if there are only a few parameters  The URL could be truncated if the form uses a large number of parameters  or if the parameters contain large amounts of data  Also  parameters passed on the URL are visible in the address field of the browser not the best place for a password to be displayed   The alternative to the GET method is the POST method  This method packages the name value pairs inside the body of the HTTP request  which makes for a cleaner URL and imposes no size limitations on the forms output  It is also more secure

User · Answer

It s not a matter of security  The HTTP protocol defines GET-type requests as being idempotent  while POSTs may have side effects  In plain English  that means that GET is used for viewing something  without changing it  while POST is used for changing something  For example  a search page should use GET  while a form that changes your password should use POST   Also  note that PHP confuses the concepts a bit  A POST request gets input from the query string and through the request body  A GET request just gets input from the query string  So a POST request is a superset of a GET request  you can use   GET in a POST request  and it may even make sense to have parameters with the same name in   POST and   GET that mean different things   For example  let s say you have a form for editing an article  The article-id may be in the query string  and  so  available through   GET  id     but let s say that you want to change the article-id  The new id may then be present in the request body    POST  id     OK  perhaps that s not the best example  but I hope it illustrates the difference between the two

User · Answer

There are two common  security  implications to using GET  Since data appears in the URL string its possible someone looking over your shoulder at Address Bar URL may be able to view something they should not be privy to such as a session cookie that could potentially be used to hijack your session  Keep in mind everyone has camera phones   The other security implication of GET has to do with GET variables being logged to most web servers access log as part of the requesting URL   Depending on the situation  regulatory climate and general sensitivity of the data this can potentially raise concerns   Some clients firewalls IDS systems may frown upon GET requests containing an excessive amount of data and may therefore provide unreliable results   POST supports advanced functionality such as support for multi-part binary input used for file uploads to web servers   POST requires a content-length header which may increase the complexity of an application specific client implementation as the size of data submitted must be known in advance preventing a client request from being formed in an exclusively single-pass incremental mode  Perhaps a minor issue for those choosing to abuse HTTP by using it as an RPC  Remote Procedure Call  transport   Others have already done a good job in covering the semantic differences and the  when  part of this question

User · Answer

There are two common  security  implications to using GET  Since data appears in the URL string its possible someone looking over your shoulder at Address Bar URL may be able to view something they should not be privy to such as a session cookie that could potentially be used to hijack your session  Keep in mind everyone has camera phones   The other security implication of GET has to do with GET variables being logged to most web servers access log as part of the requesting URL   Depending on the situation  regulatory climate and general sensitivity of the data this can potentially raise concerns   Some clients firewalls IDS systems may frown upon GET requests containing an excessive amount of data and may therefore provide unreliable results   POST supports advanced functionality such as support for multi-part binary input used for file uploads to web servers   POST requires a content-length header which may increase the complexity of an application specific client implementation as the size of data submitted must be known in advance preventing a client request from being formed in an exclusively single-pass incremental mode  Perhaps a minor issue for those choosing to abuse HTTP by using it as an RPC  Remote Procedure Call  transport   Others have already done a good job in covering the semantic differences and the  when  part of this question

User · Answer

Get and Post methods have nothing to do with the server technology you are using  it works the same in php  asp net or ruby  GET and POST are part of HTTP protocol  As mark noted  POST is more secure  POST forms are also not cached by the browser  POST is also used to transfer large quantities of data

User · Answer

The reason for using POST when making changes to data:

A web accelerator like Google Web Accelerator will click all (GET) links on a page and cache them. This is very bad if the links make changes to things.
A browser caches GET requests so even if the user clicks the link it may not send a request to the server to execute the change.
To protect your site/application against CSRF you must use POST. To completely secure your app you must then also generate a unique identifier on the server and send that along in the request.

Also, don't put sensitive information in the query string (only option with GET) because it shows up in the address bar, bookmarks and server logs.

Hopefully this explains why people say POST is 'secure'. If you are transmitting sensitive data you must use SSL.

User · Answer

Use GET method if you want to retrieve the resources from URL  You could always see the last page if you hit the back button of your browser  and it could be bookmarked  so it is not as secure as POST method   Use POST method if you want to  submit  something to the URL  For example you want to create a google account and you may need to fill in all the detailed information  then you hit  submit  button  POST method is called here   once you submit successfully  and try to hit back button of your browser  you will get error or a new blank form  instead of last page with filled form

User · Answer

The best answer was the first one   You are using     GET when you want to retrieve data  GET DATA   POST when you want to send data  POST DATA

User · Answer

All or perhaps most of the answers in this question and in other questions on SO relating to GET and POST are misguided  They are technically correct and they explain the standards correctly  but in practice it s completely different  Let me explain  GET is considered to be idempotent  but it doesn t have to be  You can pass parameters in a GET to a server script that makes permanent changes to data  Conversely  POST is considered not idempotent  but you can POST to a script that makes no changes to the server  So this is a false dichotomy and irrelevant in practice  Further  it is a mistake to say that GET cannot harm anything if reloaded - of course it can if the script it calls and the parameters it passes are making a permanent change  like deleting data for examples   And so can POST  Now  we know that POST is  by far  more secure because it doesn t expose the parameters being passed  and it is not cached  Plus you can pass more data and you GET a clean  non-confusing URL  And it does everything that GET can do  So it is simply better  At least in production  So in practice  when should you use GET vs  POST  I use GET during development so I can see and tweak the parameters I am passing  I use it to quickly try different values  to test conditions for example  or even different parameters  I can do that without having to build a form and having to modify it if I need a different set of parameters  I simply edit the URL in my browser as needed  Once development is done  or at least stable  I switch everything to POST  If you can think of any technical reason that this is incorrect  I would be very happy to learn

User · Answer

I use GET when I m retrieving information from a URL and POST when I m sending information to a URL

User · Answer

GET and POST are HTTP methods which can achieve similar goals  GET is basically for just getting  retrieving  data  A GET should not have a body  so aside from cookies  the only place to pass info is in the URL and URLs are limited in length   GET is less secure compared to POST because data sent is part of the URL  Never use GET when sending passwords  credit card or other sensitive information   Data is visible to everyone in the URL  Can be cached data    GET is harmless when we are reloading or calling back button  it will be book marked  parameters remain in browser history  only ASCII characters allowed    POST may involve anything  like storing or updating data  or ordering a product  or sending e-mail  POST method has a body   POST method is secured for passing sensitive and confidential information to server it will not visible in query parameters in URL and parameters are not saved in browser history  There are no restrictions on data length  When we are reloading the browser should alert the user that the data are about to be re-submitted  POST method cannot be bookmarked

User · Answer

The best answer was the first one   You are using     GET when you want to retrieve data  GET DATA   POST when you want to send data  POST DATA

User · Answer

All or perhaps most of the answers in this question and in other questions on SO relating to GET and POST are misguided  They are technically correct and they explain the standards correctly  but in practice it s completely different  Let me explain  GET is considered to be idempotent  but it doesn t have to be  You can pass parameters in a GET to a server script that makes permanent changes to data  Conversely  POST is considered not idempotent  but you can POST to a script that makes no changes to the server  So this is a false dichotomy and irrelevant in practice  Further  it is a mistake to say that GET cannot harm anything if reloaded - of course it can if the script it calls and the parameters it passes are making a permanent change  like deleting data for examples   And so can POST  Now  we know that POST is  by far  more secure because it doesn t expose the parameters being passed  and it is not cached  Plus you can pass more data and you GET a clean  non-confusing URL  And it does everything that GET can do  So it is simply better  At least in production  So in practice  when should you use GET vs  POST  I use GET during development so I can see and tweak the parameters I am passing  I use it to quickly try different values  to test conditions for example  or even different parameters  I can do that without having to build a form and having to modify it if I need a different set of parameters  I simply edit the URL in my browser as needed  Once development is done  or at least stable  I switch everything to POST  If you can think of any technical reason that this is incorrect  I would be very happy to learn

User · Answer

Get and Post methods have nothing to do with the server technology you are using  it works the same in php  asp net or ruby  GET and POST are part of HTTP protocol  As mark noted  POST is more secure  POST forms are also not cached by the browser  POST is also used to transfer large quantities of data

User · Answer

I use GET when I m retrieving information from a URL and POST when I m sending information to a URL

User · Answer

GET method is use to send the less sensitive data whereas POST method is use to send the sensitive data  Using the POST method you can send large amount of data compared to GET method  Data sent by GET method is visible in browser header bar whereas data send by POST method is invisible

User · Answer

The reason for using POST when making changes to data:

A web accelerator like Google Web Accelerator will click all (GET) links on a page and cache them. This is very bad if the links make changes to things.
A browser caches GET requests so even if the user clicks the link it may not send a request to the server to execute the change.
To protect your site/application against CSRF you must use POST. To completely secure your app you must then also generate a unique identifier on the server and send that along in the request.

Also, don't put sensitive information in the query string (only option with GET) because it shows up in the address bar, bookmarks and server logs.

Hopefully this explains why people say POST is 'secure'. If you are transmitting sensitive data you must use SSL.

User · Answer

It s not a matter of security  The HTTP protocol defines GET-type requests as being idempotent  while POSTs may have side effects  In plain English  that means that GET is used for viewing something  without changing it  while POST is used for changing something  For example  a search page should use GET  while a form that changes your password should use POST   Also  note that PHP confuses the concepts a bit  A POST request gets input from the query string and through the request body  A GET request just gets input from the query string  So a POST request is a superset of a GET request  you can use   GET in a POST request  and it may even make sense to have parameters with the same name in   POST and   GET that mean different things   For example  let s say you have a form for editing an article  The article-id may be in the query string  and  so  available through   GET  id     but let s say that you want to change the article-id  The new id may then be present in the request body    POST  id     OK  perhaps that s not the best example  but I hope it illustrates the difference between the two

User · Answer

I use GET when I m retrieving information from a URL and POST when I m sending information to a URL

User · Answer

The GET method    It is used only for sending 256 character date When using this method  the information can be seen on the browser It is the default method used by forms It is not so secured      The POST method    It is used for sending unlimited data  With this method  the information cannot be seen on the browser You can explicitly mention the POST method It is more secured than the GET method It provides more advanced features

User · Answer

You should use POST if there is a lot of data  or sort-of sensitive information  really sensitive stuff needs a secure connection as well     Use GET if you want people to be able to bookmark your page  because all the data is included with the bookmark    Just be careful of people hitting REFRESH with the GET method  because the data will be sent again every time without warning the user  POST sometimes warns the user about resending data

User · Answer

It s not a matter of security  The HTTP protocol defines GET-type requests as being idempotent  while POSTs may have side effects  In plain English  that means that GET is used for viewing something  without changing it  while POST is used for changing something  For example  a search page should use GET  while a form that changes your password should use POST   Also  note that PHP confuses the concepts a bit  A POST request gets input from the query string and through the request body  A GET request just gets input from the query string  So a POST request is a superset of a GET request  you can use   GET in a POST request  and it may even make sense to have parameters with the same name in   POST and   GET that mean different things   For example  let s say you have a form for editing an article  The article-id may be in the query string  and  so  available through   GET  id     but let s say that you want to change the article-id  The new id may then be present in the request body    POST  id     OK  perhaps that s not the best example  but I hope it illustrates the difference between the two

User · Answer

The GET method    It is used only for sending 256 character date When using this method  the information can be seen on the browser It is the default method used by forms It is not so secured      The POST method    It is used for sending unlimited data  With this method  the information cannot be seen on the browser You can explicitly mention the POST method It is more secured than the GET method It provides more advanced features

User · Answer

Get and Post methods have nothing to do with the server technology you are using  it works the same in php  asp net or ruby  GET and POST are part of HTTP protocol  As mark noted  POST is more secure  POST forms are also not cached by the browser  POST is also used to transfer large quantities of data

User · Answer

When the user enters information in a form and clicks Submit   there are two ways the information can be sent from the browser to the server  in the URL  or within the body of the HTTP request   The GET method  which was used in the example earlier  appends name value pairs to the URL  Unfortunately  the length of a URL is limited  so this method only works if there are only a few parameters  The URL could be truncated if the form uses a large number of parameters  or if the parameters contain large amounts of data  Also  parameters passed on the URL are visible in the address field of the browser not the best place for a password to be displayed   The alternative to the GET method is the POST method  This method packages the name value pairs inside the body of the HTTP request  which makes for a cleaner URL and imposes no size limitations on the forms output  It is also more secure

User · Answer

Use GET method if you want to retrieve the resources from URL  You could always see the last page if you hit the back button of your browser  and it could be bookmarked  so it is not as secure as POST method   Use POST method if you want to  submit  something to the URL  For example you want to create a google account and you may need to fill in all the detailed information  then you hit  submit  button  POST method is called here   once you submit successfully  and try to hit back button of your browser  you will get error or a new blank form  instead of last page with filled form

User · Answer

I use GET when I m retrieving information from a URL and POST when I m sending information to a URL

User · Answer

There are two common  security  implications to using GET  Since data appears in the URL string its possible someone looking over your shoulder at Address Bar URL may be able to view something they should not be privy to such as a session cookie that could potentially be used to hijack your session  Keep in mind everyone has camera phones   The other security implication of GET has to do with GET variables being logged to most web servers access log as part of the requesting URL   Depending on the situation  regulatory climate and general sensitivity of the data this can potentially raise concerns   Some clients firewalls IDS systems may frown upon GET requests containing an excessive amount of data and may therefore provide unreliable results   POST supports advanced functionality such as support for multi-part binary input used for file uploads to web servers   POST requires a content-length header which may increase the complexity of an application specific client implementation as the size of data submitted must be known in advance preventing a client request from being formed in an exclusively single-pass incremental mode  Perhaps a minor issue for those choosing to abuse HTTP by using it as an RPC  Remote Procedure Call  transport   Others have already done a good job in covering the semantic differences and the  when  part of this question

User · Answer

When the user enters information in a form and clicks Submit   there are two ways the information can be sent from the browser to the server  in the URL  or within the body of the HTTP request   The GET method  which was used in the example earlier  appends name value pairs to the URL  Unfortunately  the length of a URL is limited  so this method only works if there are only a few parameters  The URL could be truncated if the form uses a large number of parameters  or if the parameters contain large amounts of data  Also  parameters passed on the URL are visible in the address field of the browser not the best place for a password to be displayed   The alternative to the GET method is the POST method  This method packages the name value pairs inside the body of the HTTP request  which makes for a cleaner URL and imposes no size limitations on the forms output  It is also more secure

User · Answer

You should use POST if there is a lot of data  or sort-of sensitive information  really sensitive stuff needs a secure connection as well     Use GET if you want people to be able to bookmark your page  because all the data is included with the bookmark    Just be careful of people hitting REFRESH with the GET method  because the data will be sent again every time without warning the user  POST sometimes warns the user about resending data

User · Answer

When the user enters information in a form and clicks Submit   there are two ways the information can be sent from the browser to the server  in the URL  or within the body of the HTTP request   The GET method  which was used in the example earlier  appends name value pairs to the URL  Unfortunately  the length of a URL is limited  so this method only works if there are only a few parameters  The URL could be truncated if the form uses a large number of parameters  or if the parameters contain large amounts of data  Also  parameters passed on the URL are visible in the address field of the browser not the best place for a password to be displayed   The alternative to the GET method is the POST method  This method packages the name value pairs inside the body of the HTTP request  which makes for a cleaner URL and imposes no size limitations on the forms output  It is also more secure

User · Answer

There are two common  security  implications to using GET  Since data appears in the URL string its possible someone looking over your shoulder at Address Bar URL may be able to view something they should not be privy to such as a session cookie that could potentially be used to hijack your session  Keep in mind everyone has camera phones   The other security implication of GET has to do with GET variables being logged to most web servers access log as part of the requesting URL   Depending on the situation  regulatory climate and general sensitivity of the data this can potentially raise concerns   Some clients firewalls IDS systems may frown upon GET requests containing an excessive amount of data and may therefore provide unreliable results   POST supports advanced functionality such as support for multi-part binary input used for file uploads to web servers   POST requires a content-length header which may increase the complexity of an application specific client implementation as the size of data submitted must be known in advance preventing a client request from being formed in an exclusively single-pass incremental mode  Perhaps a minor issue for those choosing to abuse HTTP by using it as an RPC  Remote Procedure Call  transport   Others have already done a good job in covering the semantic differences and the  when  part of this question

User · Answer

This W3C document explains the use of HTTP GET and POST   I think it is an authoritative source   The summary is  section 1 3 of the document          Use GET if the interaction is more like a question  i e   it is a safe operation such as a query  read operation  or lookup     Use POST if          The interaction is more like an order  or   The interaction changes the state of the resource in a way that the   user would perceive  e g   a subscription to a service   or   The user be held accountable for the results of the interaction

User · Answer

The reason for using POST when making changes to data:

A web accelerator like Google Web Accelerator will click all (GET) links on a page and cache them. This is very bad if the links make changes to things.
A browser caches GET requests so even if the user clicks the link it may not send a request to the server to execute the change.
To protect your site/application against CSRF you must use POST. To completely secure your app you must then also generate a unique identifier on the server and send that along in the request.

Also, don't put sensitive information in the query string (only option with GET) because it shows up in the address bar, bookmarks and server logs.

Hopefully this explains why people say POST is 'secure'. If you are transmitting sensitive data you must use SSL.

User · Answer

GET and POST are HTTP methods which can achieve similar goals  GET is basically for just getting  retrieving  data  A GET should not have a body  so aside from cookies  the only place to pass info is in the URL and URLs are limited in length   GET is less secure compared to POST because data sent is part of the URL  Never use GET when sending passwords  credit card or other sensitive information   Data is visible to everyone in the URL  Can be cached data    GET is harmless when we are reloading or calling back button  it will be book marked  parameters remain in browser history  only ASCII characters allowed    POST may involve anything  like storing or updating data  or ordering a product  or sending e-mail  POST method has a body   POST method is secured for passing sensitive and confidential information to server it will not visible in query parameters in URL and parameters are not saved in browser history  There are no restrictions on data length  When we are reloading the browser should alert the user that the data are about to be re-submitted  POST method cannot be bookmarked

[forms] When should I use GET or POST method? What's the difference between them?

Examples related to forms

Examples related to http

Examples related to post

Examples related to get

Examples related to http-method