Login/Register
What is the difference between POST and GET? [duplicate]
Asked Answered
Solved httppostgethttp-method
R

7

444

I've only recently been getting involved with PHP/AJAX/jQuery and it seems to me that an important part of these technologies is that of POST and GET.

First, what is the difference between POST and GET? Through experimenting, I know that GET appends the returning variables and their values to the URL string

website.example/directory/index.php?name=YourName&bday=YourBday

but POST doesn't.

So, is this the only difference or are there specific rules or conventions for using one or the other?

Second, I've also seen POST and GET outside of PHP: also in AJAX and jQuery. How do POST and GET differ between these 3? Are they the same idea, same functionality, just utilized differently?

Reiterate answered 13/8, 2010 at 13:38 Comment(6)
Its interesting that this question was closed but it has twice as many views as the dupe. Perhaps we closed the wrong question...Unattached
This question has better answers than the one that it is marked as a duplicate of. Not huge differences, but this is more helpful.Sokol
The question is much better at the other one. Time for a chimeric offspring?Hoptoad
See also https://mcmap.net/q/76419/-when-should-i-use-get-or-post-method-what-39-s-the-difference-between-themEncephalogram
This article explains it well, its a 3 mins read, medium.com/@muhammadusmanalibaloch/…Aggrandize
@JustinEthier It's simply because this simple title is what most people search for.Antichrist
U
494

GET and POST are two different types of HTTP requests.

According to Wikipedia:

GET requests a representation of the specified resource. Note that GET should not be used for operations that cause side-effects, such as using it for taking actions in web applications. One reason for this is that GET may be used arbitrarily by robots or crawlers, which should not need to consider the side effects that a request should cause.

and

POST submits data to be processed (e.g., from an HTML form) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both.

So essentially GET is used to retrieve remote data, and POST is used to insert/update remote data.

HTTP/1.1 specification (RFC 2616) section 9 Method Definitions contains more information on GET and POST as well as the other HTTP methods, if you are interested.

In addition to explaining the intended uses of each method, the spec also provides at least one practical reason for why GET should only be used to retrieve data:

Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data, because this will cause this data to be encoded in the Request-URI. Many existing servers, proxies, and user agents will log the request URI in some place where it might be visible to third parties. Servers can use POST-based form submission instead

Finally, an important consideration when using GET for AJAX requests is that some browsers - IE in particular - will cache the results of a GET request. So if you, for example, poll using the same GET request you will always get back the same results, even if the data you are querying is being updated server-side. One way to alleviate this problem is to make the URL unique for each request by appending a timestamp.
Unattached answered 13/8, 2010 at 13:42 Comment(8)
.. Interesting. Thanks for explaining the caching behind this. Two questions... 1. Doesn't this mean there are security issues with using GET 2. Does this mean I could use POST to do the same thing as GET?Reiterate
@Hristo: You could make an update on the server by using GET as well yes. And vice-a-versa. You could use POST to just fetch some data. Using my analogy with a car again: Even though your car has reverse gear, you wouldn't drive to work in reverse. Even though you could of course.Glanti
@Hristo: There are no issues with GET itself -- every site's home page is gotten by a GET, as are just about all links, so any security issues with it could break the whole web. The problem happens when web developers don't know a GET should be idempotent, and use it for things like "delete" or "add to cart" links/buttons.Irrefrangible
You said GET and POST are types of HTTP Request, but then only used the word request when describing GET .. how about describing POST with the word "request"?Eisenberg
@Eisenberg - "The data is included in the body of the request."Unattached
What method should be used to get the form itself to fill out? What if I wanted to modify the contact info of an existing Employee? Should I use GET with a synthetic key showing in the query string?Drews
Another way to alleviate IE caching GET calls would be to set headers for incoming GET requests on the server side. These headers would prevent caching on the client side.Coriander
what is the difference between using only GET or only POST in an applicationTova
I
120

A POST, unlike a GET, typically has relevant information in the body of the request. (A GET should not have a body, so aside from cookies, the only place to pass info is in the URL.) Besides keeping the URL relatively cleaner, POST also lets you send much more information (as URLs are limited in length, for all practical purposes), and lets you send just about any type of data (file upload forms, for example, can't use GET -- they have to use POST plus a special content type/encoding).

Aside from that, a POST connotes that the request will change something, and shouldn't be redone willy-nilly. That's why you sometimes see your browser asking you if you want to resubmit form data when you hit the "back" button.

GET, on the other hand, should be idempotent -- meaning you could do it a million times and the server will do the same thing (and show basically the same result) each and every time.

Irrefrangible answered 13/8, 2010 at 13:50 Comment(0)
E
40

Whilst not a description of the differences, below are a couple of things to think about when choosing the correct method.

  • GET requests can get cached by the browser which can be a problem (or benefit) when using ajax.
  • GET requests expose parameters to users (POST does as well but they are less visible).
  • POST can pass much more information to the server and can be of almost any length.
Ecclesiology answered 13/8, 2010 at 13:58 Comment(3)
Is there a reason you didn't use the word "request" when describing POST? (despite the fact that many have stated that POSt is a type of request)Eisenberg
So if POST exposes the parameters as well just a little less visible, then if I am worried about sensitive information being seen, it really doesn't matter if I use POST or GET correct? Someone looking for the information will probably know enough about how to see the parameters in POST. Just wondering if I am understanding correctly. Thank you.Pikeman
@eaglei22, I'm copying this from Justin Ethier's answer above. > Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data, because this will cause this data to be encoded in the Request-URI. Many existing servers, proxies, and user agents will log the request URI in some place where it might be visible to third parties. Servers can use POST-based form submission instead Long story short, use POST with sensitive dataDiviner
D
26

If you are working RESTfully, GET should be used for requests where you are only getting data, and POST should be used for requests where you are making something happen.

Some examples:

  • GET the page showing a particular SO question

  • POST a comment

  • Send a POST request by clicking the "Add to cart" button.

Discourse answered 13/8, 2010 at 13:42 Comment(1)
.. I'm not sure what you mean by "RESTfully", but so are you saying that if GET is for getting data... POST is for sending data? or can POST also get data and use it to make something happen?Reiterate
Y
25

POST and GET are two HTTP request methods. GET is usually intended to retrieve some data, and is expected to be idempotent (repeating the query does not have any side-effects) and can only send limited amounts of parameter data to the server. GET requests are often cached by default by some browsers if you are not careful.

POST is intended for changing the server state. It carries more data, and repeating the query is allowed (and often expected) to have side-effects such as creating two messages instead of one.

Yaw answered 13/8, 2010 at 13:44 Comment(2)
Also would pay to mention that bots and the like know not to do POST stuff just in case it causes some action (like deleting data) to happen.Ofris
Just so it's said, "idempotent" means something a bit more complicated than "no side effects". It means that any number of identical requests will result in the exact same visible state of the server-side resource. But the request can cause changes. PUT and DELETE are idempotent too, for example.Irrefrangible
O
11

With POST you can also do multipart mime encoding which means you can attach files as well. Also if you are using post variables across navigation of pages, the user will get a warning asking if they want to resubmit the post parameter. Typically they look the same in an HTTP request, but you should just stick to POST if you need to "POST" something TO a server and "GET" if you need to GET something FROM a server as that's the way they were intended.

Outstanding answered 13/8, 2010 at 13:45 Comment(0)
O
2

The only "big" difference between POST & GET (when using them with AJAX) is since GET is URL provided, they are limited in ther length (since URL arent infinite in length).

Ogdoad answered 13/8, 2010 at 13:46 Comment(3)
.. what about how they are used?Reiterate
Oh well, that is the "only" big difference if you ignore all other differences, such as semantics, linking, caching, repeatability, etc.Krypton
I mean the big difference when using them as the OP speak of in AJAX...Ogdoad

© 2022 - 2024 — McMap. All rights reserved.