browser History:
|
Parameters remain in
browser history because they are part of the URL
|
Parameters are not
saved in browser history.
|
BACK button/re-submit
behaviour:
|
GET requests are
re-executed.
|
The browser usually
alerts the user that data will need to be re-submitted.
|
Bookmarked:
|
Can be bookmarked.
|
Can not bookmarked.
|
Encoding type (enctype
attribute):
|
application/x-www-form-urlencoded
|
multipart/form-data or
application/x-www-form-urlencoded Use multipart encoding for binary data.
|
Parameters:
|
can send but the
parameter data is limited to what we can stuff into the request line (URL).
Safest to use less than 2K of parameters, some servers handle up to 64K
|
Can send parameters,
including uploading files, to the server.
|
Hacked:
|
Easier to hack for
script kiddies
|
More difficult to hack
|
Restrictions on form
data type:
|
Yes, only ASCII
characters allowed.
|
No restrictions.
Binary data is also allowed.
|
Security:
|
GET is less secure
compared to POST because data sent is part of the URL. So it's saved in
browser history and server logs in plaintext.
|
POST is a little safer
than GET because the parameters are not stored in browser history or in web
server logs.
|
Restrictions on form
data length:
|
Yes, since form data
is in the URL and URL length is restricted
|
No restrictions
|
Usability:
|
GET method should not
be used when sending passwords or other sensitive information.
|
POST method used when
sending passwords or other sensitive information.
|
Visibility:
|
GET method is visible
to everyone (it will be displayed in the browser's address bar) and has
limits on the amount of information to send.
|
POST method variables
are not displayed in the URL.
|
Cached:
|
Can be cached
|
Not cached
|
Large variable values:
|
7607 character maximum
size.
|
8 Mb max size for the
POST method.
|
