HTTP GET and POST parameters recommendations

Question

Is it bad practice to issue the following POST request:

/test?a=1&b=2
POST data: c=3&d=4

Notice that 2 parameters are part of the URL and 2 parameters are part of the POST content.

On another note, is the following rule still recommended:

• GET request: retrieve content from the server but do not change anything on the server.
• POST request: post content to the server which may modify data on the server

I am asking because I see a bit of everything online.

Laurent Luce

Answer 1

Yes, your assumptions are correct. You should be consistent on how you pass your parameters or require the parameters to be passed, but it's not going to do any harm really.

GET operations are supposed to be safe operations, that don't perform any side-effects (besides caching, etc), so they are easily cached by proxies and such. POST operations on the other hand may encure side effects.

I would recommend reading the Wikipedia entry on HTTP protocol:

GET

Requests a representation of the specified resource. Note that GET should not be used for operations that cause side-effects, such as using it for taking actions in web applications. One reason for this is that GET may be used arbitrarily by robots or crawlers, which should not need to consider the side effects that a request should cause. See safe methods below.

POST

Submits data to be processed (e.g., from an HTML form) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both.

There are other operations too (e.g. HEAD, PUT, DELETE), and you should consider using them if you are designing an API. These are heavily discussed in RESTful API design.