Unfortunately, there is a lot of misuse of GET over POST and vice versa. Both HTTP methods can achieve the same goals, but an incorrect choice between them can lead to unexpected and potentially harmful outcomes.
So, to make sure we get things right, I present to you the definitive guide to choosing between GET and POST.
Note: Remember that query strings (i.e. name/value pairs) get transferred in the URL of GET requests:
GET /blog/?name1=value1&name2=value2 HTTP/1.1
Host: carsonified.com
and in the body of POST requests:
POST /blog/ HTTP/1.1
Host: carsonified.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 25

name1=value1&name2=value2
GET vs POST Basics
In between new additions to our vocabularies (think “idempotent”), sections 9.1, 9.3 & 9.5 of RFC 2616 help us to conclude the first rule of GET vs POST…
Rule #1: Use GET for safe actions and POST for unsafe actions.
The RFC instructs internet browsers to make users aware, when reissuing a previously made POST request, that the action (e.g. placing an order) is potentially unsafe. Hence the dialogue boxes browsers show before resubmitting a form.
However, whilst browser compliance with this RFC instruction might explain why POST should be used for unsafe actions, why shouldn’t we use POST for safe ones?
Simply put, because GET requests are more useable:
- GET requests can be cached
- GET requests can remain in the browser history
- GET requests can be bookmarked
- GET requests can be distributed & shared
- GET requests can be hacked (ask Jakob!)
Note: If you need the best of both worlds, an unsafe action can be made safe by making it idempotent, so that it makes no difference how many times it’s requested. You do this by giving the request a unique ID and using server-side validation to ensure that a request with that ID hasn’t already been processed. In fact, if you’re in search of excellence, all unsafe actions should be made idempotent as nothing can stop users from ignoring warnings.
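The unique-ID check described in the note above, as an added example that is not part of the original article. The OrderService class, its method names and the status messages are hypothetical; the ID is assumed to be issued by the server and sent back in a hidden form field.

```python
import threading
import uuid


class OrderService:
    """Toy order endpoint (hypothetical) that makes an unsafe POST idempotent."""

    def __init__(self):
        self._lock = threading.Lock()
        self._requests = {}   # request_id -> None (issued, unused) or (item, response)
        self.orders = []      # side effects actually performed

    def issue_request_id(self):
        # Generated when the form is rendered and embedded as a hidden field.
        request_id = uuid.uuid4().hex
        with self._lock:
            self._requests[request_id] = None
        return request_id

    def place_order(self, method, request_id, item):
        if method != "POST":
            return (405, "unsafe action requires POST")
        with self._lock:   # check and record atomically, so two racing submits count once
            if request_id not in self._requests:
                return (400, "unknown request id")
            previous = self._requests[request_id]
            if previous is not None:
                first_item, first_response = previous
                if first_item != item:
                    return (409, "request id already used for a different order")
                return first_response   # replay: same answer, no second order
            self.orders.append(item)
            response = (201, "order %d placed" % len(self.orders))
            self._requests[request_id] = (item, response)
            return response


def demo():
    service = OrderService()
    rid = service.issue_request_id()
    first = service.place_order("POST", rid, "book")
    replay = service.place_order("POST", rid, "book")   # user reloads and ignores the warning
    return first, replay, len(service.orders)


if __name__ == "__main__":
    print(demo())
```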
GET vs POST Extended
Rule #2: Use POST when dealing with sensitive data.
Because query strings are transferred openly in GET requests, we have to consider our security and that of our users when dealing with sensitive data like passwords or credit card numbers:
- Our users… because they may not realise that they are sharing sensitive data when they share a URL or that it can be viewed in the browser history by other people using the same computer.*
- Ourselves… because we may be breaking laws by unexpectedly storing data that we’re not allowed to (like credit card CV2s) in log files.
* This doesn’t apply when working within an AJAX environment.
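To check whether sensitive data has already reached the log files as Rule #2 warns, here is an added example (not from the original article) that scans access-log lines for sensitive query-string parameters and redacts their values. The parameter names in SENSITIVE and the sample log lines are constructed assumptions; adapt them to the application's own form fields and log format.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter names; replace with the application's own field names.
SENSITIVE = {"password", "passwd", "card_number", "cv2", "cvv"}

# Request line inside an access log entry: "METHOD target HTTP/x.y"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample entries (documentation IP range, test card number).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /login?user=bob&password=hunter2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "POST /login HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /blog/?name1=value1&name2=value2 HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /pay?card_number=4111111111111111&CV2=123 HTTP/1.1" 200 90',
]


def redact_target(target):
    """Return (redacted target, sorted names of sensitive parameters found)."""
    parts = urlsplit(target)
    found, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    # Note: urlencode re-encodes every parameter, so escaping may be normalised.
    return urlunsplit(parts._replace(query=urlencode(pairs))), sorted(found)


def scrub_line(line):
    """Return (line with sensitive values redacted, names found); unchanged if clean."""
    match = REQUEST_LINE.search(line)
    if not match:
        return line, []
    redacted, found = redact_target(match.group("target"))
    if not found:
        return line, []
    start, end = match.span("target")
    return line[:start] + redacted + line[end:], found


def scan(lines):
    """List (line number, parameter names, scrubbed line) for every offending entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        scrubbed, found = scrub_line(line)
        if found:
            hits.append((number, found, scrubbed))
    return hits
```

Redacting after the fact only limits exposure; the values have already been written once, so the fix remains moving those fields to a POST body.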
Rule #3: Use POST when dealing with long requests.
Although the RFC doesn’t lay down any length-related guidelines, Internet Explorer – with its insistence on finding ways to make things difficult for us – enforces a maximum URL length of 2,048 characters.
Rule #4: Use GET in AJAX environments.
When using XMLHttpRequest, browsers implement POST as a two-step process (sending the headers first and then the data). This means that GET requests are more responsive – something you need in AJAX environments.
Summary
Although rules usually exist for good reasons, it’s good to know the logic behind them so they can be embraced fully. I, myself, hate rules that don’t have explanations and I hope that the above helps to justify the rules of GET vs POST.
Choosing between methods is a systematic process which should become second nature. Until then, this little workflow can be used: