Parameters remain in
browser history because they are part of the URL
Parameters are not
saved in browser history.
BACK button/re-submit
behaviour:
GET requests are
re-executed.
The browser usually
alerts the user that data will need to be re-submitted.
Bookmarked:
Can be bookmarked.
Can not bookmarked.
Encoding type (enctype
attribute):
application/x-www-form-urlencoded
multipart/form-data or
application/x-www-form-urlencoded Use multipart encoding for binary data.
Parameters:
can send but the
parameter data is limited to what we can stuff into the request line (URL).
Safest to use less than 2K of parameters, some servers handle up to 64K
Can send parameters,
including uploading files, to the server.
Hacked:
Easier to hack for
script kiddies
More difficult to hack
Restrictions on form
data type:
Yes, only ASCII
characters allowed.
No restrictions.
Binary data is also allowed.
Security:
GET is less secure
compared to POST because data sent is part of the URL. So it's saved in
browser history and server logs in plaintext.
POST is a little safer
than GET because the parameters are not stored in browser history or in web
server logs.
Restrictions on form
data length:
Yes, since form data
is in the URL and URL length is restricted
No restrictions
Usability:
GET method should not
be used when sending passwords or other sensitive information.
POST method used when
sending passwords or other sensitive information.
Visibility:
GET method is visible
to everyone (it will be displayed in the browser's address bar) and has
limits on the amount of information to send.
POST method variables
are not displayed in the URL.
Cached:
Can be cached
Not cached
Large variable values:
7607 character maximum
size.
8 Mb max size for the
POST method.
2012-08-08 11:48
This blog is frozen. No new comments or edits allowed.
GET
POST
browser History:
Parameters remain in browser history because they are part of the URL
Parameters are not saved in browser history.
BACK button/re-submit behaviour:
GET requests are re-executed.
The browser usually alerts the user that data will need to be re-submitted.
Bookmarked:
Can be bookmarked.
Can not bookmarked.
Encoding type (enctype attribute):
application/x-www-form-urlencoded
multipart/form-data or application/x-www-form-urlencoded Use multipart encoding for binary data.
Parameters:
can send but the parameter data is limited to what we can stuff into the request line (URL). Safest to use less than 2K of parameters, some servers handle up to 64K
Can send parameters, including uploading files, to the server.
Hacked:
Easier to hack for script kiddies
More difficult to hack
Restrictions on form data type:
Yes, only ASCII characters allowed.
No restrictions. Binary data is also allowed.
Security:
GET is less secure compared to POST because data sent is part of the URL. So it's saved in browser history and server logs in plaintext.
POST is a little safer than GET because the parameters are not stored in browser history or in web server logs.
Restrictions on form data length:
Yes, since form data is in the URL and URL length is restricted
No restrictions
Usability:
GET method should not be used when sending passwords or other sensitive information.
POST method used when sending passwords or other sensitive information.
Visibility:
GET method is visible to everyone (it will be displayed in the browser's address bar) and has limits on the amount of information to send.
POST method variables are not displayed in the URL.
Cached:
Can be cached
Not cached
Large variable values:
7607 character maximum size.
8 Mb max size for the POST method.