When should I use GET or POST method? What's the difference between them?
It's not a matter of security. The HTTP protocol defines GET-type requests as being idempotent, while POSTs may have side effects. In plain English, that means that GET is used for viewing something, without changing it, while POST is used for changing something. For example, a search page should use GET, while a form that changes your password should use POST.
Also, note that PHP confuses the concepts a bit. A POST request gets input from the query string and through the request body. A GET request just gets input from the query string. So a POST request is a superset of a GET request; you can use $_GET
in a POST request, and it may even make sense to have parameters with the same name in $_POST
and $_GET
that mean different things.
For example, let's say you have a form for editing an article. The article-id may be in the query string (and, so, available through $_GET['id']
), but let's say that you want to change the article-id. The new id may then be present in the request body ($_POST['id']
). OK, perhaps that's not the best example, but I hope it illustrates the difference between the two.
What is the difference between POST and PUT in HTTP?
Overall:
Both PUT and POST can be used for creating.
You have to ask, "what are you performing the action upon?", to distinguish what you should be using. Let's assume you're designing an API for asking questions. If you want to use POST, then you would do that to a list of questions. If you want to use PUT, then you would do that to a particular question.
Great, both can be used, so which one should I use in my RESTful design:
You do not need to support both PUT and POST.
Which you use is up to you. But just remember to use the right one depending on what object you are referencing in the request.
Some considerations:
- Do you name the URL objects you create explicitly, or let the server decide? If you name them then use PUT. If you let the server decide then use POST.
- PUT is defined to assume idempotency, so if you PUT an object twice, it should have no additional effect. This is a nice property, so I would use PUT when possible. Just make sure that the PUT-idempotency actually is implemented correctly in the server.
- You can update or create a resource with PUT with the same object URL
- With POST you can have 2 requests coming in at the same time making modifications to a URL, and they may update different parts of the object.
An example:
I wrote the following as part of another answer on SO regarding this:
POST:
Used to modify and update a resource
POST /questions/<existing_question> HTTP/1.1
Host: www.example.com/Note that the following is an error:
POST /questions/<new_question> HTTP/1.1
Host: www.example.com/If the URL is not yet created, you
should not be using POST to create it
while specifying the name. This should
result in a 'resource not found' error
because<new_question>
does not exist
yet. You should PUT the<new_question>
resource on the server first.You could though do something like
this to create a resources using POST:POST /questions HTTP/1.1
Host: www.example.com/Note that in this case the resource
name is not specified, the new objects
URL path would be returned to you.PUT:
Used to create a resource, or
overwrite it. While you specify the
resources new URL.For a new resource:
PUT /questions/<new_question> HTTP/1.1
Host: www.example.com/To overwrite an existing resource:
PUT /questions/<existing_question> HTTP/1.1
Host: www.example.com/
Additionally, and a bit more concisely, RFC 7231 Section 4.3.4 PUT states (emphasis added),
4.3.4. PUT
The PUT method requests that the state of the target resource be
created
orreplaced
with the state defined by the representation
enclosed in the request message payload.
When do you use POST and when do you use GET?
Use POST
for destructive actions such as creation (I'm aware of the irony), editing, and deletion, because you can't hit a POST
action in the address bar of your browser. Use GET
when it's safe to allow a person to call an action. So a URL like:
http://myblog.org/admin/posts/delete/357
Should bring you to a confirmation page, rather than simply deleting the item. It's far easier to avoid accidents this way.
POST
is also more secure than GET
, because you aren't sticking information into a URL. And so using GET
as the method
for an HTML form that collects a password or other sensitive information is not the best idea.
One final note: POST
can transmit a larger amount of information than GET
. 'POST' has no size restrictions for transmitted data, whilst 'GET' is limited to 2048 characters.
how post method of form actually work behind scene
The value is stored in the request.
HTTP requests consist of a few key components. Mainly:
- Address
- Headers
- Body
The key difference between a GET and a POST in this case is that a GET has no Body. So any data you want to include in a GET needs to be included on the Address. A POST, however, does have a Body. And it includes the key/value pairs for the values in that Body.
Take a look at your browser's debugging tools and examine the requests/responses when interacting with the server. For a POST request, you'll see that you can in fact inspect the values. (Which you may want to consider when you talk about knowing the "security" of these requests...)
The values aren't "stored" anywhere special. They work almost exactly like they do in a GET request. They're simply in another part of the request format.
What's the difference between a POST and a PUT HTTP REQUEST?
HTTP PUT:
PUT puts a file or resource at a specific URI, and exactly at that URI. If there's already a file or resource at that URI, PUT replaces that file or resource. If there is no file or resource there, PUT creates one. PUT is idempotent, but paradoxically PUT responses are not cacheable.
HTTP 1.1 RFC location for PUT
HTTP POST:
POST sends data to a specific URI and expects the resource at that URI to handle the request. The web server at this point can determine what to do with the data in the context of the specified resource. The POST method is not idempotent, however POST responses are cacheable so long as the server sets the appropriate Cache-Control and Expires headers.
The official HTTP RFC specifies POST to be:
- Annotation of existing resources;
- Posting a message to a bulletin board, newsgroup, mailing list,
or similar group of articles; - Providing a block of data, such as the result of submitting a
form, to a data-handling process; - Extending a database through an append operation.
HTTP 1.1 RFC location for POST
Difference between POST and PUT:
The RFC itself explains the core difference:
The fundamental difference between the
POST and PUT requests is reflected in
the different meaning of the
Request-URI. The URI in a POST request
identifies the resource that will
handle the enclosed entity. That
resource might be a data-accepting
process, a gateway to some other
protocol, or a separate entity that
accepts annotations. In contrast, the
URI in a PUT request identifies the
entity enclosed with the request --
the user agent knows what URI is
intended and the server MUST NOT
attempt to apply the request to some
other resource. If the server desires
that the request be applied to a
different URI, it MUST send a 301 (Moved Permanently) response; the user agent MAY then make
its own decision regarding whether or not to redirect the request.
Additionally, and a bit more concisely, RFC 7231 Section 4.3.4 PUT states (emphasis added),
4.3.4. PUT
The PUT method requests that the state of the target resource be
created
orreplaced
with the state defined by the representation
enclosed in the request message payload.
Using the right method, unrelated aside:
One benefit of REST ROA vs SOAP is that when using HTTP REST ROA, it encourages the proper usage of the HTTP verbs/methods. So for example you would only use PUT when you want to create a resource at that exact location. And you would never use GET to create or modify a resource.
What is the difference between POST and GET?
GET
and POST
are two different types of HTTP requests.
According to Wikipedia:
GET requests a representation of the specified resource. Note that GET should not be used for operations that cause side-effects, such as using it for taking actions in web applications. One reason for this is that GET may be used arbitrarily by robots or crawlers, which should not need to consider the side effects that a request should cause.
and
POST submits data to be processed (e.g., from an HTML form) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both.
So essentially GET
is used to retrieve remote data, and POST
is used to insert/update remote data.
HTTP/1.1 specification (RFC 2616) section 9 Method Definitions contains more information on
GET
and POST
as well as the other HTTP methods, if you are interested.In addition to explaining the intended uses of each method, the spec also provides at least one practical reason for why GET
should only be used to retrieve data:
Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data, because this will cause this data to be encoded in the Request-URI. Many existing servers, proxies, and user agents will log the request URI in some place where it might be visible to third parties. Servers can use POST-based form submission instead
Finally, an important consideration when using
GET
for AJAX requests is that some browsers - IE in particular - will cache the results of a GET
request. So if you, for example, poll using the same GET
request you will always get back the same results, even if the data you are querying is being updated server-side. One way to alleviate this problem is to make the URL unique for each request by appending a timestamp.
Related Topics
Actionbar Not Shown with Appcompat
Find Distance Between Two Points on Map Using Google Map API V2
Android How to Work with Asynctasks Progressdialog
Android Singletask or Singleinstance Launch Mode
Pass Data from Activity to Service Using an Intent
How to Use Searchview in Toolbar Android
Android - iPhone Style Tabhost
How to Determine If a Firebase User Is Signed in Using Facebook Authentication
Recyclerview Store/Restore State Between Activities
How to Deploy and Execute an Application on a Device Connected to a Remote System
Android Listview Not Refreshing After Notifydatasetchanged
Firebase Analytics Custom Events Params
How to Import Existing Android Project into Eclipse
Programmatically Select Item Listview in Android
How to Change the Android Actionbar Title and Icon
How to Get String Width on Android
Android: Customize Application's Menu (E.G Background Color)