Get vs Post
‘Get’ and ‘Post’ are HTTP methods for sending data parameters from the client browser to the server. These parameters can be form input, a search query from the search tab, etc. Whenever a web page has to respond to the individual user, that is, whenever it is a user-interactive web page, these HTTP methods play a vital role in supplying the user-specific input to the server. But you may wonder why we need two different methods just to send input. To answer this question, it is important to understand how these methods work, so that you can see the actual difference.
Syntax:
Let us now look at the syntax for the HTTP Methods Get and Post.
<form action="Login.php" method="get"> (This is the syntax for Get)
<form action="Login.php" method="post"> (This is the syntax for Post)
There is no major difference in syntax except for the word Get or Post.
How are Inputs sent to the Server?
With the Get method, the input is appended to the URL following a ‘?’, whereas with the Post method it is sent separately as a message. You may have seen your search query in the URL after pressing Enter. If not, just try it once in Google. If the Get method is used, you can see the search query after the ‘?’ in the same URL. With Post, on the other hand, we cannot read the inputs in the URL, as they go separately and not with the URL.
Input Type:
As Get appends input to the URL, the input has to be in the form of ASCII characters. Post, however, can even send binary data without any restrictions. Therefore, Post is more flexible about the input type, as it allows both ASCII and binary data.
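The two ways of sending input described above, as an added example (not code from the original article): the same login form serialised as a Get and as a Post request, including how non-ASCII input is percent-encoded for the URL. The host example.test, the field values and the function names are assumptions made for illustration.

```javascript
// Added example: serialise one login form submission as Get and as Post.
// Host, path and field values are constructed for illustration.
function encodeForm(fields) {
  // application/x-www-form-urlencoded: reserved and non-ASCII characters
  // are percent-encoded (as UTF-8 bytes) and spaces become '+'.
  return new URLSearchParams(fields).toString();
}

function buildRequest(method, host, path, fields) {
  const encoded = encodeForm(fields);
  if (method.toLowerCase() === 'get') {
    // Inputs are appended to the URL after '?'; there is no message body.
    const target = `${path}?${encoded}`;
    return {
      requestLine: `GET ${target} HTTP/1.1`,
      headers: { Host: host },
      body: '',
      url: `https://${host}${target}`, // what history or a bookmark would keep
    };
  }
  // Inputs travel in the message body; the URL carries no parameters.
  return {
    requestLine: `POST ${path} HTTP/1.1`,
    headers: {
      Host: host,
      'Content-Type': 'application/x-www-form-urlencoded',
      'Content-Length': String(Buffer.byteLength(encoded)),
    },
    body: encoded,
    url: `https://${host}${path}`,
  };
}

function toWire(req) {
  // Render the request the way it is written on the connection.
  const head = Object.entries(req.headers).map(([k, v]) => `${k}: ${v}`);
  return [req.requestLine, ...head, '', req.body].join('\r\n');
}

const sample = { user: 'alice', password: 'p@ss wörd' }; // constructed input
const asGet = buildRequest('get', 'example.test', '/Login.php', sample);
const asPost = buildRequest('post', 'example.test', '/Login.php', sample);
console.log(toWire(asGet));
console.log(toWire(asPost));
```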
Parameter count:
The Get method can send only a limited number of parameters when compared to Post. Usually, it is restricted to 2K, and in some cases servers can handle a parameter count of up to 64k. The Post method, however, is capable of sending even files to the server, in the form of messages. So when we compare the two, we can say that Post is better for sending more input as parameters.
Input Size:
Generally, the maximum allowed URL length is subject to the browser we use and the web server that processes the URL request. As Get sends inputs along with the URL, we can send a maximum of 2048 characters, and in some cases this varies. But there is no restriction on the input size when we use the Post method.
Visibility of Input:
If you tested the Google search, you will have seen that Get input is visible to others. This is because the input is simply appended to the URL and anyone can see it in the URL space. But if the Post method is used, nobody can identify what we have sent as input. If you do not care much about the visibility of your input, just go ahead with Get. Otherwise, use Post to hide your input from others.
Default Method:
By now, you will have understood how both methods send inputs to the server. Because of its simplicity in usage and in transmission of parameters, ‘Get’ was chosen as HTTP’s default method. Though the Post method has various advantages over Get, the simpler one takes priority as the default. So, when you do not specify the method explicitly, the request is treated as a Get request.
Browser History:
As the Get method sends data through URLs, the data already sent remains in the history of the web browser. Therefore, anybody could see what we have sent to servers by examining our browser history. The Post method does not create such a chance, as it never allows browsers to save the information. In fact, the web browser's history is not involved at all when data is sent with the Post method, as everything is sent through messages.
Which is secure?
We have been analyzing various differences between the Get and Post methods, and it is high time to ask which one is secure. Let us look at the various security factors to find out.
- Bookmarking: The Get method allows bookmarking but Post never allows it. Bookmarked data can later be seen by anyone, and that is a security threat! If your data contains sensitive information such as passwords, bank account details, etc., then Get can leak all of it to others. Therefore, it is better to use Post if you handle sensitive information.
- Caching: Cache memory stores information for future retrieval and, in fact, saves us time. Though that is useful, data can leak when the cached information falls into the wrong hands. Get allows caching whereas Post never allows caching at all! Therefore, Post remains more secure than Get.
- Refresh or Back: When we click the Refresh or the Back icon, the URL of the web page gets re-executed. But this re-execution does not happen when the older data resides in the cache memory of your system. In such a scenario, there is a chance that Refresh or Back returns data that was already fetched from the server. So when does this scenario happen, with Get or with Post? As caching happens with Get and not with Post, retrieval of older data is possible only with Get. It can happen with Post too, but the browser asks for the user's permission before doing so. Yes, we get an alert before such retrievals with Post.
- Hacking: Anybody who is technically strong can easily crack the URL associated with the Get method and capture our information. This is not possible with Post, or at least it requires great effort to crack it! So most of the time we are safe when Post is used rather than Get.
When to use Get & When to use Post?
From our discussion, it is clear that Get is less secure and that it is not advisable to use it when we handle sensitive information. With Get, caching and the web browser history can expose our information to others. Post remains secure even in such circumstances, as it never allows caching, bookmarking, etc. Therefore, it is better to use Post when the data you send must stay secure.
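One way to check a page for the risk described above, as an added example that is not part of the original article: it flags forms that would send password-like fields with Get, including forms with no method attribute, which are submitted with Get by default. The sample markup, the SENSITIVE name list and the function names are assumptions.

```javascript
// Added example: flag HTML forms that would send sensitive fields with Get.
// The sample markup and the SENSITIVE name list are constructed assumptions.
const SENSITIVE = /pass|pwd|secret|token|account|card/i;

function attr(tag, name) {
  // Read one attribute value from a start tag (quoted or unquoted).
  const re = new RegExp(`\\b${name}\\s*=\\s*("([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = tag.match(re);
  return m ? (m[2] ?? m[3] ?? m[4]) : null;
}

function auditForms(html) {
  const findings = [];
  const formRe = /<form\b[^>]*>([\s\S]*?)<\/form>/gi;
  for (const m of html.matchAll(formRe)) {
    const startTag = m[0].slice(0, m[0].indexOf('>') + 1);
    // A form with no method attribute is submitted with Get by default.
    const declared = attr(startTag, 'method');
    const method = (declared || 'get').toLowerCase();
    const risky = [];
    for (const input of m[1].matchAll(/<input\b[^>]*>/gi)) {
      const type = (attr(input[0], 'type') || 'text').toLowerCase();
      const name = attr(input[0], 'name') || '';
      if (type === 'password' || SENSITIVE.test(name)) risky.push(name || '(unnamed)');
    }
    // Only Get forms put these fields into the URL.
    if (method === 'get' && risky.length > 0) {
      findings.push({ action: attr(startTag, 'action'), declared, fields: risky });
    }
  }
  return findings;
}

// Constructed sample page: two safe forms, two that need method="post".
const samplePage = `
<form action="Search.php" method="get"><input type="text" name="q"></form>
<form action="Login.php" method="post"><input type="password" name="password"></form>
<form action="Login.php" method="get"><input name="user"><input type="password" name="password"></form>
<form action="Transfer.php"><input name="account_no"><input name="amount"></form>
`;
console.log(auditForms(samplePage));
```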
Let us look at the differences in an easier to understand tabular form.
S.No | Differences in | HTTP Requests: GET | HTTP Requests: POST |
1 | Syntax | Uses the keyword ‘get’. | Uses the keyword ‘post’. |
2 | How are inputs sent? | Appended to the URL after the symbol ‘?’. | In the form of messages. |
3 | Input Type | ASCII Characters. | ASCII Characters or Binary. |
4 | Parameter Count | Can handle 2k to 64k parameters based on the server. | No limit. |
5 | Input Size | Allows up to 2048 characters. | No limit. |
6 | Visibility of data sent | Remains visible to all as it resides in the URL space. | Cannot be seen as it is sent as a message. |
7 | Default HTTP Method | Yes. | No. |
8 | Browser History | The sent data remains in the web browser history and can be later seen by anyone. | The sent data never resides in the web browser history and therefore no one can later see it. |
9 | Bookmarking | It allows the URL to be bookmarked and, in turn, the sent data. | Nothing happens to the sent data even if the web pages are bookmarked, as the bookmarked pages do not store any user information. |
10 | Caching | The cached pages store the user input and allow future retrieval. | The cached pages never store the user input. |
11 | Refresh or Back | The Refresh or Back actions do not re-execute the request if the older executions remain in the cache memory. Also, such a retrieval from the cache happens without any alert message to the user. Therefore, the user may think that it is the latest data while the server may, in fact, contain different data. | The Refresh or Back actions fetch the data from the cache only after sending an alert message to the user. The user may cancel it and can even re-execute it to fetch the latest data from the cache. |
12 | Hacking | It can be done easily. | It is difficult to hack. |
13 | When to use? | It is best suited to send less sensitive data such as search queries, chat messages, social media content, online research, etc., where there is no concern for security. | It is best suited to send sensitive data such as passwords, bank account details, etc., where security is of most concern. |
So it is clear that Get and Post both do the job of sending input to the server, but they work differently. Based on the need, we can choose the apt HTTP method, i.e. Get or Post.