GET vs POST for the Beginner
If you hunt around for explanations about GET vs POST (used as the method for sending your form data to the server) you get a whole lot of technical overkill because its not a simple discussion. Many people just want a simple answer. Its probably better to say its not an easily explainable discussion when technical experts jump in with quotes from protocol specifications. But what’s the difference between GET and POST to the beginner? How is GET treated differently from POST and why would you use one over the other?
Let’s backtrack a little and look at the form element’s method attribute…
form method="get" action=""
There are other methods but for the most part GET and POST are your two basic alternatives. This is the method that the form will use to send the information to the server. Note the form data will be sent in plain text regardless of whether GET or POST is used.
First let’s look at GET. The simple thing to note about GET is that when you use GET the content of your form will become url encoded into a query string. That means in the address bar of your browser where you type in URLs the content of your form will become a query string appended after a ? as name=value pairs. For example if your form took your name and your age the corresponding query string attached to the URL would be…
?name=steven&age=43
As you can imagine this can be read by anyone looking over your shoulder. In a generalised sense, GET is meant for when you get from the server rather than POST being meant to post to the server.
One useful thing to note about query strings appended to your URL and the GET method is that search terms used with GET can be bookmarked as a result set. Its worth keeping in mind. Its perhaps worth noting that GET data is sent in the header part of a request to the server. Also, if no method attribute is put forward then the default method is GET. And a limitation of GET, to be aware of, is that its size is limited to the buffer input size of the server so you might send too much data in your request.
So what is URL encoding? Well, URL encoding is an important function that makes the query string valid. If I entered my full name in the previous example the space between steven and clark would be URL encoded to a + sign.
?name=steven+clark&age=43
To see this url encoded output make a small form with two or three fields and send it to your email account using an action of mailto.
A handy little form you might try is available at berghel.net where you can easily see the GET data turned into a query string in the browser address bar whereas the POST data is not turned into a query string in the browser address bar.
POST, on the other hand, is sent in the body of the request after the headers and is not visible to the user as a query string. The content is sent as name=value pairs but not made visible in the address bar of the browser. In that way, although its still only text, it can be a little bit more secure (from the person reading your age over your shoulder) than GET. The main thing to put in your head about using method=post is that you use it to POST data to the server for processing – for example entry into a database or contact form details.
There are a lot of complex side issues I can’t run into on this short post about the differences between GET and POST. And yes this is a short dirty answer to a simple enough question. I got flamed once in comments on GET vs POST because I mentioned security – note server side gurus that someone looking over my shoulder reading my form entry details is actually a low level of security. Security is not the complete domain of the server side environment. Not sharing my password is security. But that’s splitting hairs. In the end GET and POST are both sent as plain text and a smart person positioned between your computer and the server can retrieve the data if they are so inclined. Its enough for the beginner to understand query strings and how they relate to the form element’s method attribute.
A further note, if you’re looking at CGI programming, GET and POST are treated differently. GET is available as an environment variable whereas POST is available through the standard input stream (stdin). Feel free to correct me if I’m wrong.
A good basic rule is when you’re sending off form data you should be using POST. If you are just running search queries then GET might be appropriate. I’m sure if you Google you’ll get a far more accurate and technical answer.
