http中get和post之间的区别
2011-07-03 07:05
357 查看
源自:http://www.diffen.com/difference/Get_vs_Post
In HTML, one can specify two different submission methods for a form. The method is specified inside a FORM element, using the METHOD attribute. The difference between METHOD="GET" (the default) and METHOD="POST" is primarily defined in terms of form data encoding. According to the technical HTML specifications GET means that form data is to be encoded (by a browser) into a URL while POST means that the form data is to appear within the message body of the HTTP request.
All form data filled in is visible in the URL. Moreover, it is also stored in the user's web browsing history/logs for the browser. These issues make GET less secure.
However, one advantage of form data being sent as part of the URL is that one can bookmark the URLs and directly use them and completely bypass the form-filling process.
There is a limitation on how much form data can be sent because URL lengths are limited.
If the form data set is large - say, hundreds of characters - then METHOD="GET" may cause practical problems with implementations which cannot handle that long URLs.
You might wish to avoid METHOD="GET" in order to make it less visible to users how the form works, especially in order to make "hidden" fields (INPUT TYPE="HIDDEN") more hidden by not appearing in the URL. But even if you use hidden fields with METHOD="POST", they will still appear in the HTML source code.
Read more: Get vs Post - Difference and Comparison | Diffen http://www.diffen.com/difference/Get_vs_Post#ixzz1QzaGqtfP
Read more: Get vs Post - Difference and Comparison | Diffen http://www.diffen.com/difference/Get_vs_Post#ixzz1Qza850TM
Get | Post | Hide All | |
---|---|---|---|
Currently 3.51/5 1 2 3 4 5 Rating: 3.5/5 (98 votes) | Currently 4.14/5 1 2 3 4 5 Rating: 4.1/5 (120 votes) | ||
BACK button/re-submit behaviour: | GET requests are re-executed. | The browser usually alerts the user that data will need to be re-submitted. | hide |
Encoding type (enctype attribute): | application/x-www-form-urlencoded | multipart/form-data or application/x-www-form-urlencoded | hide |
Bookmarked: | Can be bookmarked. | Can not bookmarked. | hide |
Hacked: | Can be Hacked | Never hacked | hide |
Cached: | Can be cached | not cached | hide |
History: | remain in browser history | never remain. | hide |
Restrictions on form data type: | Yes, only ASCII characters allowed. | No restrictions. Binary data is also allowed. | hide |
Restrictions on form data length: | Yes, since form data is in the URL and URL length is restricted | No restrictions | hide |
Security: | GET is less secure compared to POST | POST is safer than GET | hide |
Visibility: | GET method is visible to everyone (it will be displayed in the browser's address bar) and has limits on the amount of information to send. | POST method variables are not displayed in the URL. | hide |
Large variable values: | 2000 character maximum size. | 8 Mb max size for the POST method. | hide |
Usability: | GET method should not be used when sending passwords or other sensitive information. | POST method used when sending passwords or other sensitive information. | hide |
Contents[hide]1 Differences in form submission1.1 Pros and Cons2 Differences in server-side processing 3 Recommended Usage 4 See Also 5 References |
[edit]Differences in form submission
The fundamental difference between METHOD="GET" and METHOD="POST" is that they correspond to different HTTP requests, as defined in the HTTP specifications. The submission process for both methods begins in the same way - a form data set is constructed by the browser and then encoded in a manner specified by the enctype attribute. For METHOD="POSTthe enctype attribute can be multipart/form-data or application/x-www-form-urlencoded, whereas for METHOD="GET", only application/x-www-form-urlencoded is allowed. This form data set is then transmitted to the server.For form submission with METHOD="GET", the browser constructs a URL by taking the value of the action attribute, appending a ? to it, then appending the form data set (encoded using the application/x-www-form-urlencoded content type). The browser then processes this URL as if following a link (or as if the user had typed the URL directly). The browser divides the URL into parts and recognizes a host, then sends to that host a GET request with the rest of the URL as argument. The server takes it from there. Note that this process means that the form data are restricted to ASCII codes. Special care should be taken to encode and decode other types of characters when passing them through the URL in ASCII format.Submission of a form with METHOD="POST" causes a POST request to be sent, using the value of the action attribute and a message created according to the content type specified by the enctype attribute.[edit]Pros and Cons
Since form data is sent as part of the URL when GET is used --Form data are restricted to ASCII codes. Special care should be taken to encode and decode other types of characters when passing them through the URL in ASCII format. On the other hand, binary data, images and other files can all be submitted through METHOD="POST"All form data filled in is visible in the URL. Moreover, it is also stored in the user's web browsing history/logs for the browser. These issues make GET less secure.
However, one advantage of form data being sent as part of the URL is that one can bookmark the URLs and directly use them and completely bypass the form-filling process.
There is a limitation on how much form data can be sent because URL lengths are limited.
[edit]Differences in server-side processing
In principle, processing of a submitted form data depends on whether it is sent with METHOD="GET" or METHOD="POST". Since the data is encoded in different ways, different decoding mechanisms are needed. Thus, generally speaking, changing the METHOD may necessitate a change in the script which processes the submission. For example, when using the CGI interface, the script receives the data in an environment variable (QUERYSTRING) when GET is used. But when POST is used, form data is passed in the standard input stream (stdin) and the number of bytes to be read is given by the Content-length header.[edit]Recommended Usage
GET is recommended when submitting "idempotent" forms - those that do not 'significantly alter the state of the world'. In other words, forms that involve database queries only. Another perspective is that several idempotent queries will have the same effect as a single query. If database updates or other actions such as triggering emails are involved, the usage of POST is recommended.A "GET" request is often cacheable, whereas a "POST" request can hardly be. For query systems this may have a considerable efficiency impact, especially if the query strings are simple, since caches might serve the most frequent queries.In certain cases, using POST is recommended even for idempotent queries:If the form data would contain non-ASCII characters (such as accented characters), then METHOD="GET" is inapplicable in principle, although it may work in practice (mainly for ISO Latin 1 characters).If the form data set is large - say, hundreds of characters - then METHOD="GET" may cause practical problems with implementations which cannot handle that long URLs.
You might wish to avoid METHOD="GET" in order to make it less visible to users how the form works, especially in order to make "hidden" fields (INPUT TYPE="HIDDEN") more hidden by not appearing in the URL. But even if you use hidden fields with METHOD="POST", they will still appear in the HTML source code.
Read more: Get vs Post - Difference and Comparison | Diffen http://www.diffen.com/difference/Get_vs_Post#ixzz1QzaGqtfP
Read more: Get vs Post - Difference and Comparison | Diffen http://www.diffen.com/difference/Get_vs_Post#ixzz1Qza850TM
相关文章推荐
- get和post之间的区别http://blog.csdn.net/yipiankongbai/article/details/24025633
- HTTP中GET与POST之间的区别
- 浅谈HTTP中Get与Post的区别
- 细说HTTP中POST与GET的区别与联系
- HTTP POST GET 本质区别详解
- HTTP协议中POST、GET、HEAD的区别是什么
- Http中Post、Get区别
- HTTP协议中GET和POST到底有哪些区别
- Servlet中的GET和POST之间的区别
- 99%的人都理解错了HTTP中GET与POST的区别
- HTTP POST GET 本质区别详解
- Http之Get/Post请求区别
- HTTP POST GET 本质区别详解
- http协议请求,get和post的区别与联系
- HTTP协议中,GET与POST方法的区别有3点:
- Java Web开发8__HTTP GET请求、POST请求的区别, 重写 service() 方法
- HTTP POST GET 本质区别详解
- 浅谈HTTP中Get与Post的区别
- 从HTTP GET和POST的区别说起
- c HTTP POST GET 本质区别详解