Doing web development will definitely involve the interaction between the browser and the server, so it is particularly important to understand the way the browser and the server interact. I have been exposed to get and post since I came into contact with B/S, but my understanding of them is really not in-depth. In the process of continuous project work later, I found in the constant contact with them that the previous understanding was really too shallow. This blog will discuss the difference between GET and POST.
HTTP protocol
Speaking of GET and POST, we have to mention the HTTP protocol, because the interaction between the browser and the server is performed through the HTTP protocol, and GET and POST are also two methods in the HTTP protocol.
The full name of HTTP is Hyper Text Transfer Protocol, which is translated into Hypertext Transfer Protocol in Chinese. The purpose is to ensure the communication between the browser and the server. The way HTTP works is a request-response protocol between client and server.
The HTTP protocol defines different methods for the interaction between the browser and the server. There are four basic methods, namely GET, POST, PUT, and DELETE. These four methods can be understood as checking, modifying, adding, and deleting server resources.
GET: Get data from the server, that is, the so-called query, just get the server resources without modification.
POST: Submit data to the server, which involves updating the data, that is, changing the data of the server.
PUT: The English meaning of PUT is to place, that is, to add new data to the server, which is the so-called increase.
DELETE: It can be seen from the literal meaning that this method is the process of deleting server data.
GET interaction
1. The GET interaction method is to obtain data from the server instead of modifying the data, so the GET interaction method is safe. Just like database query, querying data from the database will not affect the data information of the database, and it is safe for the database.
2. The GET interaction method is idempotent. Idempotency is a mathematical concept. An idempotent function is a function that can be executed repeatedly with the same parameters and can obtain the same result. In the GET interaction, multiple requests to the same URL get the same result. Just like a database query, when different database connections query the same database table with the same conditions, the results are the same.
POST interaction
1. POST interaction is a way to modify server data. When it comes to the modification of information, there will be security problems. Just like updating a database, when updating a database table, if the conditions are not written correctly, the data that does not need to be modified may be modified, and the data obtained is wrong.
2. The general POST interaction must use the form, but the default method for form submission is GET. If it is changed to the POST method, the Method when the form is submitted needs to be modified.
The difference between the two
GET方式:
1、GET方式是以实体的方式得到由请求URL所指定资源的信息,如果请求URL只是一个数据产生过程,那么最终要在响应实体中返回的是处理过程的结果所指向的资源,而不是处理过程的描述。也就是说,GET的到的信息是资源,而不是资源的处理过程。
2、请的求的数据会附加在URL之后,以?分隔URL和传输数据,多个参数用&连接。URL编码格式采用的是ASCII编码,而不是Unicode,即所有的非ASCII字符都要编码之后再传输。
3、因为URL的长度限制,GET方式传输的数据大小有所限制,传送的数据量不超过2KB。
4、GET方式服务器端用Request.QueryString获取变量的值。
5、GET方式传输的参数安全性低,因为传输的数据会显示在请求的URL中。
POST方式:
1、用来向目的服务器发出请求,要求它接收被附在请求后的实体,并把它当做请求队列中请求URL所指定资源的附加新子项。
2、POST方式将表单内各个字段和内容放置在HTML HEADER中一起传送到Action属性所指定的URL地址,用户是看不到这个过程的。
3、POST方式传送的数据量比较大,一般被默认为没有限制,但是根据IIS的配置,传输量也是不同的。
4、POST方式在服务器端用Request.Form获取提交的数据。
5、POST方式传输的数据安全性较高,因为数据传输不是明显显示的。
总结
POST和GET方式的安全性是相对的,另外也要看是从哪个角度来看的。从数据传输过程方面来看,POST方式是更加安全的,但是从对服务器数据的操作来看,POST方式的安全性又是比较低的。即使是传输过程用POST来执行,安全性也是相对的,如果了解HTTP协议漏洞,通过拦截发送的数据包,同样可以修改交互数据,所以这里的安全不是绝对的。