The two most used HTTP methods are: GET and POST.
What is HTTP?
The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients and servers.
HTTP works as a request-response protocol between a client and server.
A web browser may be the client, and an application on a computer that hosts a web site may be the server.
Example: A client (browser) submits an HTTP request to the server; then the server returns a response to the client. The response contains status information about the request and may also contain the requested content.
Two HTTP Request Methods: GET and POST
Two commonly used methods for a request-response between a client and server are: GET and POST.
GET
Requests data from a specified resourcePOST
Submits data to be processed to a specified resourceThe GET Method
Note that query strings (name/value pairs) is sent in the URL of a GET request:/test/demo_form.asp?name1=value1&name2=value2
Some other notes on GET requests:
GET
requests can be cachedrequests remain in the browser history
requests can be bookmarked
requests should never be used when dealing with sensitive data
requests have length restrictions
requests should be used only to retrieve data
The POST Method
Note that query strings (name/value pairs) is sent in the HTTP message body of a POST request:POST /test/demo_form.asp HTTP/1.1
Host: w3schools.com
name1=value1&name2=value2
Some other notes on POST requests:
POST
requests are never cachedrequests do not remain in the browser history
requests cannot be bookmarked
requests requests have no restrictions on data length
Compare GET vs. POST
The following table compares the two HTTP methods: GET and POST.| GET | POST | |
|---|---|---|
| BACK button/Reload | Harmless | Data will be re-submitted (the browser should alert the user that the data are about to be re-submitted) |
| Bookmarked | Can be bookmarked | Cannot be bookmarked |
| Cached | Can be cached | Not cached |
| Encoding type | application/x-www-form-urlencoded | application/x-www-form-urlencoded or multipart/form-data. Use multipart encoding for binary data |
| History | Parameters remain in browser history | Parameters are not saved in browser history |
| Restrictions on data length | Yes, when sending data, the GET method adds the data to the URL; and the length of a URL is limited (maximum URL length is 2048 characters) | No restrictions |
| Restrictions on data type | Only ASCII characters allowed | No restrictions. Binary data is also allowed |
| Security | GET is less secure compared to POST because data sent is part of the URL
Never use GET when sending passwords or other sensitive information! |
POST is a little safer than GET because the parameters are not stored in browser history or in web server logs |
| Visibility | Data is visible to everyone in the URL | Data is not displayed in the URL |