Before proceeding on this topic, I hope you are clear with the basic understanding on how the web works out. In this article, we will particularly be exploring the differences between an HTTP POST and HTTP GET method, which is also one of the most commonly asked questions in an interview.
So basically, there are two most commonly used HTTP methods to transport the HTML form data from the client browser to the server. Those two methods are:
Probably most of you might already be knowing and would be using it very comfortably, but still I found it necessary to throw some light on these HTTP methods.
HTTP GET – This method is not recommended unless we are in a desperate need of it. Using this method, submits the HTML Form data to the server in the form of query strings appended towards end of the URL. Such query string consists of name/value pairs in plain text format, thus exposing all the parameter values in the URL, which might create a really bad impression on the users especially when the parameters involved are private and sensitive.
Contrary to HTTP GET, the prime purpose of HTTP POST is the same, i.e. to pass the information from the browser to the server. The difference is in the query strings that are no more appended to the URL, but instead, they are sent in the HTTP Request body.
Lets assume that we have a login page as shown below:
The HTML source of the above demo login page looks something like:
<h1>Login to jCombat Demo website</h1>
<form method="GET" action="index.php">
<p><input type="text" name="uname" value="" placeholder="Username or Email"></p>
<p><input type="password" name="pass" value="" placeholder="Password"></p>
<p class="submit"><input type="submit" value="Login"></p>
Note that the form method specified in the above snippet is GET, which means that if I enter my credentials into the login page and click on Submit button, my username and password will be submitted to the server as:
However, if I change the form method to POST, and I try logging-in again, my username and password will now be sent to the server inside the HTTP Request body instead of the URL, as:
POST /index.php HTTP/1.1
There are several drawbacks to using HTTP GET method over POST. To list a few,
- It poses a high security risk to sensitive data being transferred to the server, as the parameters being sent out are clearly visible in the submit URL.
- There are restrictions over sending too many HTTP GET parameters to the server. This is applicable only in cases where we prefer GET over POST.
- A web page dependent on URL parameters/query strings can be easily cached and bookmarked in case of HTTP GET. However, this is not the case with web pages relying on HTTP POST parameters in the Request body, where a random hit to such pages are error-handled to display an appropriate error message if the web page is not able to retrieve the HTTP POST parameters from the HTTP Request body.