Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

HTTP GET and POST parameters recommendations

Tags:

http

post

request

get

Is it bad practice to issue the following POST request:

/test?a=1&b=2
POST data: c=3&d=4

Notice that 2 parameters are part of the URL and 2 parameters are part of the POST content.

On another note, is the following rule still recommended:

  • GET request: retrieve content from the server but do not change anything on the server.
  • POST request: post content to the server which may modify data on the server

I am asking because I see a bit of everything online.

Laurent Luce

like image 772
Laurent Luce Avatar asked Jan 03 '10 00:01

Laurent Luce

People also ask

Which is better GET or POST method?

POST request is comparatively more secure because the data is not exposed in the URL bar. Request made through GET method are stored in Browser history. Request made through POST method is not stored in Browser history. GET method request can be saved as bookmark in browser.

What is the difference between POST and GET method when each of them is recommended to be used?

POST. HTTP POST requests supply additional data from the client (browser) to the server in the message body. In contrast, GET requests include all required data in the URL.

What is faster GET or POST method?

GET is slightly faster because the values are sent in the header unlike the POST the values are sent in the request body, in the format that the content type specifies.

Is POST safer than GET method?

GET is less secure than POST because sent data is part of the URL. POST is a little safer than GET because the parameters are stored neither in the browser history nor in the web server logs.

1 Answers

Yes, your assumptions are correct. You should be consistent on how you pass your parameters or require the parameters to be passed, but it's not going to do any harm really.

GET operations are supposed to be safe operations, that don't perform any side-effects (besides caching, etc), so they are easily cached by proxies and such. POST operations on the other hand may encure side effects.

I would recommend reading the Wikipedia entry on HTTP protocol:

GET

Requests a representation of the specified resource. Note that GET should not be used for operations that cause side-effects, such as using it for taking actions in web applications. One reason for this is that GET may be used arbitrarily by robots or crawlers, which should not need to consider the side effects that a request should cause. See safe methods below.

POST

Submits data to be processed (e.g., from an HTML form) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both.

There are other operations too (e.g. HEAD, PUT, DELETE), and you should consider using them if you are designing an API. These are heavily discussed in RESTful API design.

like image 62
notnoop Avatar answered Oct 22 '22 06:10

notnoop
Sign in to Comment

Related questions

http.Handle(Handler or HandlerFunc)
automatically handling gzip http responses in Android
Changing the http header info to hide server info
Tomcat responding HTTP 503
sending a post from iOS app to php script not working... Simple solution is likey
ETag changes when Rack::Deflater is enabled
What does registerHTTPOperationClass in AFNetworking actually do? [closed]
IIS - the request is rejected by HTTP filter when there are european char in the url
Node.js request directly to URL with options (http or https)
Grails/Groovy URL .getText receive status
Best HTTP Method for Get or Create
What would be the proper HTTP status code if the agent's IP is blocked? [closed]
How to see all Request URLs the server is doing (final URLs)
Log 404 on http.FileServer
503 error pushing to remote
Generic/Unknown HTTP Error with response code 0 using UnityWebRequest
C# HttpListener The format of the specified network name is not valid
What is the standard acceptable request/response-timeout for API server (and Why)?
Lightweight Thread Pool Libraries in .NET
non-blocking read/log from an http stream

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!