Comments Inline -----Original Message----- From: thelist-admin at lists.evolt.org [mailto:thelist-admin at lists.evolt.org]On Behalf Of Scott Schrantz Sent: Wednesday, February 20, 2002 5:58 PM To: 'thelist at lists.evolt.org' Subject: RE: [thelist] GET vs. POST * -----Original Message----- > From: Feingold Josh S [mailto:Josh.S.Feingold at irs.gov] > > When creating forms we have an option to use GET or POST > methods. I was > wondering if there are any specific reasons that people use > GET or POST or > if it is just a matter of preference. Are there any > tradeoffs between the > two? Are there any differences with how the back button will > work? Are there any other issues? Off the top of my head: GET puts all the results into the query string. This makes the submission a little less secure, since everything you entered is visible right there on the screen and it gets stored in your list of visited sites. But, this type of query has advantages since it can also be bookmarked, copied and pasted into e-mail, etc. It is meant to be used to GET data from, for example, a search engine. You can they send that same query to your friends or to TheList by including the query string in the URL. * * I believe there are limitations to the amount of characters a Query String will handle, but this is also browser dependant. I think for I.E. its like 1000 characters.. I may be wrong though. * Using "get" to pass information sends the information appended to the request for the processing page. It tends to be simpler and you can troubleshoot any problems simply by looking at the address bar in your browser since all values passed are displayed there. This is also the primary weakness of this method. The data being passed is visible and is limited in size to the maximum length of a request string. POST hides all the data that is sent; none of it is visible on the screen after it is sent. Only slightly more secure, though, since the results are still transmitted in plain text. This type of query cannot be bookmarked, and is usually meant to POST data once for storage on the server, such as into a database application. A blog post or an online order form would be examples of this one-time submission. Using "post" to pass information sends the information embedded in a header during the request for the processing page. Its main advantage is that you can send larger amounts of information. It also doesn't make that information visible in the address bar of the browser, which is nice if you are using the "hidden" input type. The value of this type is still readily available to the user by using view source, but the average user won't see it or be confused by any information you may need to pass from your form for processing. So, ideally, you would decide which one to use based on what you were going to be doing with the data once the server receives it, if you want the results page to be bookmarked, and if you want the same data to be able to be passed around and easily resubmitted or not. -- For unsubscribe and other options, including the Tip Harvester and archive of thelist go to: http://lists.evolt.org Workers of the Web, evolt !