Http defines different methods of interacting with the server. There are four basic methods, namely GET, POST, PUT, and DELETE. The full name of URL is a resource descriptor. We can think of it like this: a URL address, which is used to describe a resource on the network, and the GET, POST, PUT, and DELETE in HTTP correspond to the search, modification, and addition of this resource. Delete 4 operations. At this point, everyone should have a general understanding. GET is generally used to obtain/query resource information, and POST is generally used to update resource information.
1. According to the HTTP specification, GET is used for information acquisition, and it should be safe and idempotent.
(1). The so-called safe means that the operation is used to obtain information rather than modify information. In other words, GET requests should generally not have side effects. In other words, it only obtains resource information, just like a database query, it will not modify or add data, and will not affect the state of the resource.
* Note: The meaning of security here only refers to non-modified information.
(2). Idempotent means that multiple requests to the same URL should return the same result. Here I explain the concept of idempotence :
Idempotent (idempotent, idempotence) is a mathematical or computer science concept commonly found in abstract algebra.
There are several definitions of idempotence:
For a monocular operation, if an operation performs the operation multiple times for all a number in the range and the result of the operation is the same as the result of the operation once, then we call it the Operation is idempotent. For example, absolute value operation is an example. In the real number set, abs(a)=abs(abs(a)).
For binocular operations, it is required that when the two values involved in the operation are equal, if the result of the operation is equal to the two values involved in the operation, the operation is called idempotent, such as the maximum value of two numbers Functions are idempotent in the real number set, that is, max(x,x) = x.
After reading the above explanation, you should be able to understand the meaning of GET idempotence.
But in actual application, the above two regulations are not so strict. Examples of quoting other people's articles: For example, the front page of a news site is constantly updated. Although the second request will return a different batch of news, this operation is still considered safe and idempotent because it always returns the current news. Fundamentally, if the goal is when the user opens a link, he can be confident that he has not changed the resource from his own point of view.
2. According to the HTTP specification, POST indicates a request that may modify the resources on the server. Continue to quote the above example: Still taking the news website as an example, readers should use POST to publish their own comments on the news, because the resources of the site have been different after the comment is submitted, or the resources have been modified.
The above probably talked about some of the principle problems of GET and POST in the HTTP specification. But in actual practice, many people did not follow the HTTP specification. There are many reasons for this problem, such as:
1. Many people are greedy for convenience and use GET when updating resources, because POST must go to FORM (form), which will be a little troublesome.
2. Adding, deleting, modifying, and checking resources can actually be done through GET/POST, without using PUT and DELETE.
3. Another is that the early designers of the Web MVC framework did not consciously treat and design URLs as abstract resources, so a more serious problem is that traditional Web MVC frameworks basically only support GET and POST two HTTP methods, but does not support PUT and DELETE methods.
* Briefly explain MVC: MVC originally exists in the Desktop program, M refers to the data model, V refers to the user interface, and C is the controller. The purpose of using MVC is to separate the implementation code of M and V, so that the same program can use different forms of expression.
The above three points typically describe the old style (not strictly complying with the HTTP specification). With the development of the architecture, REST (Representational State Transfer) now appears, a new style that supports the HTTP specification. Not much to say here, you can refer to "RESTful Web Services".
After talking about the principle problem, let's look at the difference between GET and POST from the surface:
1. The data of the GET request will be appended to the URL (that is, the data is placed in the HTTP protocol header), the URL and the transmission data are separated by ?, and the parameters are connected by &, such as: login.action?name=hyddd&password=idontknow&verify= %E4%BD%A0%E5%A5%BD. If the data is English letters/numbers, send it as it is, if it is a space, convert it to +, if it is Chinese/other characters, then directly encrypt the string with BASE64, for example: %E4%BD%A0%E5%A5% BD, where XX in %XX is the ASCII representation of the symbol in hexadecimal notation.
POST places the submitted data in the body of the HTTP packet.
2. "The data submitted by GET method can only be 1024 bytes at most. In theory, there is no limit to POST, and a larger amount of data can be transferred. The maximum is 80KB in IIS4 and 100KB in IIS5"? ? !
I transferred the above sentence from other articles. In fact, it is wrong and inaccurate to say this:
(1). First of all, "The data submitted by GET can only be 1024 bytes at most", because GET submits data through URL, so the amount of data that GET can submit is directly related to the length of the URL. In fact, the URL does not have the problem of parameter upper limit, and the HTTP protocol specification does not limit the length of the URL. This restriction is a restriction imposed by a specific browser and server. IE's limitation on URL length is 2083 bytes (2K+35). For other browsers, such as Netscape, FireFox, etc., there is no length limit in theory, and the limit depends on the support of the operating system.
Note that this is the limit to the length of the entire URL, not just the length of your parameter value data. [See Reference 5]
(2). Theoretically speaking, there is no size limit for POST, and there is no size limit for the HTTP protocol specification. It is inaccurate to say that "the amount of POST data has a size limit of 80K/100K" is not accurate, and there is no limit for POST data. The limitation is the processing power of the server's processing program.
For ASP programs, there is a 100K data length limit when the Request object processes each form field. But if you use Request.BinaryRead, there is no such limitation.
From this extension, for IIS 6.0, Microsoft has increased restrictions for security reasons. We also need to pay attention to:
1). The default ASP POST data volume of IIS 6.0 is 200KB, and the limit for each form field is 100KB.
2). IIS 6.0 default upload file maximum size is 4MB.
3). The default maximum request header of IIS 6.0 is 16KB.
Before IIS 6.0, there were no such restrictions. [See reference 5]
So the above 80K and 100K may just be the default values (Note: I haven't confirmed the parameters of IIS4 and IIS5), but they can definitely be set by themselves. Since each version of IIS has different default values for these parameters, please refer to the relevant IIS configuration documents for details.
3. In ASP, the server uses Request.QueryString to obtain GET request parameters, and Request.Form to obtain POST request parameters. In JSP, use request.getParameter(\"XXXX\") to get. Although there is also request.getQueryString() method in JSP, it is more troublesome to use. For example: pass a test.jsp?name=hyddd&password=hyddd, use What request.getQueryString() gets is: name=hyddd&password=hyddd. In PHP, you can use $_GET and $_POST to get the data in GET and POST respectively, while $_REQUEST can get the data in both GET and POST requests. It is worth noting that there are hidden dangers in the use of request in JSP and the use of $_REQUEST in PHP, so I will write an article summary next time.
4. The security of POST is higher than that of GET. Note: The security mentioned here is not the same concept as the "security" mentioned in the GET above. The meaning of "security" above is just no data modification, and the meaning of security here is the meaning of real Security, such as: submitting data through GET, the user name and password will appear in the URL in plain text, because (1) the login page may be Browser cache, (2) Other people can view the history of the browser, then others can get your account and password. In addition, using GET to submit data may also cause a Cross-site request forgery attack.
To sum up, Get is a request to request data to the server, and Post is a request to submit data to the server. In the FORM (form), the Method defaults to "GET". In essence, GET and POST are just sending mechanisms. Different, not one by one!