[thelist] GET vs. POST

Jim Davis smurf at ragingsmurf.com
Wed Feb 20 18:02:00 CST 2002

Comments Inline

-----Original Message-----
From: thelist-admin at lists.evolt.org [mailto:thelist-admin at lists.evolt.org]On
Behalf Of Scott Schrantz
Sent: Wednesday, February 20, 2002 5:58 PM
To: 'thelist at lists.evolt.org'
Subject: RE: [thelist] GET vs. POST

* -----Original Message-----
> From: Feingold Josh S [mailto:Josh.S.Feingold at irs.gov]
> When creating forms we have an option to use GET or POST
> methods.  I was
> wondering if there are any specific reasons that people use
> GET or POST or
> if it is just a matter of preference.  Are there any
> tradeoffs between the
> two?  Are there any differences with how the back button will
> work? Are there any other issues?

Off the top of my head:
GET puts all the results into the query string. This makes the submission a
little less secure, since everything you entered is visible right there on
the screen and it gets stored in your list of visited sites. But, this type
of query has advantages since it can also be bookmarked, copied and pasted
into e-mail, etc. It is meant to be used to GET data from, for example, a
search engine. You can they send that same query to your friends or to
TheList by including the query string in the URL.
* I believe there are limitations to the amount of characters a Query String
will handle, but this is also browser dependant.  I think for I.E. its like
1000 characters.. I may be wrong though.
* Using "get" to pass information sends the information appended to the
request for the processing page. It tends to be simpler and you can
troubleshoot any problems simply by looking at the address bar in your
browser since all values passed are displayed there. This is also the
primary weakness of this method. The data being passed is visible and is
limited in size to the maximum length of a request string.

POST hides all the data that is sent; none of it is visible on the screen
after it is sent. Only slightly more secure, though, since the results are
still transmitted in plain text. This type of query cannot be bookmarked,
and is usually meant to POST data once for storage on the server, such as
into a database application. A blog post or an online order form would be
examples of this one-time submission.
Using "post" to pass information sends the information embedded in a header
during the request for the processing page. Its main advantage is that you
can send larger amounts of information. It also doesn't make that
information visible in the address bar of the browser, which is nice if you
are using the "hidden" input type. The value of this type is still readily
available to the user by using view source, but the average user won't see
it or be confused by any information you may need to pass from your form for

So, ideally, you would decide which one to use based on what you were going
to be doing with the data once the server receives it, if you want the
results page to be bookmarked, and if you want the same data to be able to
be passed around and easily resubmitted or not.
For unsubscribe and other options, including
the Tip Harvester and archive of thelist go to:
http://lists.evolt.org Workers of the Web, evolt !

More information about the thelist mailing list