Alien Vision Stories:
Alien Vision Home
Get / Post
Comparison of HTML Get and Post
Dateline, Vancouver, Sept 2014
When I added the feedback page to my web site, I had to decide whether to use the Get or Post method to send the user's comments to the web server. A simple web search will show a whole lot of people are asking that same question, and a whole lot of vague and misleading replies. I'm going to clarify the situation in this essay, and describe the real differences and reasoning for using one or the other.
To the programmer, Get and Post look identical on both the browser (HTML) and server (PHP) sides of the equation. This makes it look as if they are interchangable, and in fact they are. Anywhere one will work, the other will also work. But there are functional differences and very good reasons why you might want to use one or the other and it's not obvious unless you understand the functionality of both.
For those of you just starting out, here is how they work.
In the HTML Form tag, you identify whether you want to send the data as Get or Post:
[FORM method=GET action="GTS-AG.php"] . . . [FORM method=POST action="GTS-AG.php"] . . .The user fills out the form and when he clicks the Submit button in the form, the browser will send his data to GTS-AG.php on the web server. GTS-AG.php will then process the data in some way, and return an HTML page to the user. Any scripting language on the server will work, I use PHP & ASP.
The first difference is apparent in the names of the functions:
Get is intended to send a query string to the server to GET data.
Post is intended to POST the user's data to the server.
It is perfectly valid to reverse those function and post with Get and get with Post, and a lot of web sites do exactly that. However, there is a big difference in how Get and Post actually send the data to the server and that is why they shouldn't be mixed.
When the web page sends the URL query to the server, Get includes the data in the URL, thusly:
GTS-AG.php?A=Joe&B=password&C=userfeedbackPost does not use the URL, it includes all data in an attachment.
On the server, the PHP code retrieves the data from both in the exact same way:
$Name = $_GET['A']; $Name = $_POST['A'];From the point of view of the programmer, they look and act the same. But there are important differences behind the scenes.
Since Get includes data in the URL and Post doesn't, it will cause these differences:
The URL is limited to about 2000 characters of data, and therefore so is Get. Post has no limit and can even include photos and binary data. This could make Get unsuitable for posting info - the browser form would have to check and limit the text.
The Get URL can be bookmarked. Post can not be bookmarked because the data is hidden in an attachment - the page can be bookmarked but not the data. This makes a Get query very handy for your viewers - I book mark YouTube videos all the time.
The programmer can manually create a Get query using the [A] tag to send the URL directly to the server, instead of using the [form] tag. This is surprisingly useful. For example, if you want to present ten options to the viewer, you could do this:
[A HREF="GTS-AG.php?A=Portland&B=Restaurants"] Portland Restaurants [/A] [A HREF="GTS-AG.php?A=Seattle&B=Restaurants"] Seattle Restaurants [/A] [A HREF="GTS-AG.php?A=Tacoma&B=Restaurants"] Tacoma Restaurants [/A]This is technically not using the Get method, but the URL being sent to the server is identical, and the server doesn't know the difference. This technique is pretty much impossible with the Post method. Using the [A] tag also makes it easy to range check the users data before sending over a corrected URL.
With the user data contained in the Get URL, it is easy for others to see it. This applies to both hackers monitoring web traffic, and anyone able to monitor the surfing history in your web browser (such as your wife or boss). This is far more difficult with the Post data contained in an attachment (which is not saved in the browser logs at all). Get makes passwords and sensitive data very risky. However, if the data is not sensitive (and most is not) feel free to send it using Get. If it is, it is not hard to manually encript it first, but it is even easier to just use Post.
Though it is very simple to post data to the server with Get, there is one more very good reason why you shouldn't. A Get bookmark will include the data, but if the user bookmarks his posted data, then everytime he displays the marked page, it will repost his data. A Post bookmark won't include the data.
However, if you are not using a Form on your web page, or if you are doing a lot of preprocessing of the user data in the browser, it would be very difficult to use Post (unless you know way more than me). In this case you'll need to be aware of the problems above and just send the URL directly with the [A] tag, which is the same as a Get, along with all of its problems.
Just for a reference
Here is a list of features between Get and Post.