Talking about the difference in HTTP Get and Post,
14:51 by hyddd 2009-03-31, 880 444 reading, 118 reviews, the collection , editing
Http defines the different methods of interaction with the server, there are four basic methods, namely GET, POST, PUT, DELETE. URL stands for resource descriptors, we can be considered: a URL address that is used to describe resources on a network, and in HTTP GET, POST, PUT, DELETE it corresponds to the investigation of this resource, change, add, 4 puncturing operation. Here, we should have a general understanding, GET is generally used to get / query resource information, and POST are generally used to update resource information.
1 According to the HTTP specification, GET for information retrieval and should be safe and idempotent.
(1) The so-called security means that the operation used to obtain information rather than modify the information. In other words, GET requests should generally be free of side effects. That is, it is only to obtain information resources, like database queries, do not modify, add data, will not affect the status of the resource.
* Note: The security implications here only refers to the non-modified information.
(2). Idempotent means that multiple requests for the same URL should return the same result. Here I will explain again idempotent this concept:
There are several definitions of what idempotent:
For unary, if an operator of a number of times for all the results obtained and the operations carried out within the scope of the operation once the results obtained are the same, then we say that operation is idempotent. Absolute value operation example is an example, focus on real numbers, there abs (a) = abs (abs (a)).
For binary operations, required when the two values are involved in computing equivalent case, if the two values and calculation results satisfies equally involved in computing, called the idempotent operation, such as selecting the maximum value of the two numbers function, there is a real number in the centralized idempotent, i.e., max (x, x) = x .
After reading the above explanation, it should be able to understand the meaning of the GET idempotent.
However, in practice, the above two provisions are not so strict. The article cited examples of others: for example, the front page of a news site constantly updated. Although the second request will return a different batch of news, this operation is still considered safe and idempotent, because it always returns the current news. Basically, if the goal is when a user opens a link, he can be sure that from their own point of view does not change the resource can be.
2 . According to the HTTP specification, POST indicating a request to modify a resource may change on the server. Continuing with the example cited above: or news to site, for example, news readers to express their comments should be achieved through POST, because the resource in comments submitted after the site has been different, or that resources have been modified.
Probably a little above said problems in some of the principles of the GET and POST HTTP specification. But when the actual doing, but many people do not follow the HTTP specification, there are many reasons leading to this problem, for example:
1 . Many convenience's sake, use the GET updating resources, because to have to use POST FORM (form), this will be a little trouble.
2 . Increase of resources, delete, change, check operation, in fact, can be done through GET / POST, no need to use PUT and DELETE.
3 . Another is that the early Web MVC framework designers did not consciously URL as abstract resources to look and design, resulting in a more serious problem is the traditional Web MVC framework basically only support GET and two kinds of HTTP POST method and do not support PUT and DELETE methods.
* Explain briefly MVC: MVC was originally present in the Desktop program, M refers to the data model, V refers to the user interface, C is the controller. MVC is the purpose M and V implementation code separation, so that the same program can use different forms.
3:00 above typically describe the same old style (not strictly comply with the HTTP specification), with the development of architecture, there is now REST (Representational State Transfer), an HTTP specification supports new style, not much to say here, can refer to "RESTful Web Services".
Having issues of principle, we look at the difference between GET and POST is like from the surface above:
A data request .GET be attached after the URL (that is, the data is placed into the HTTP protocol header), to divide the URL and transmit data to & linked between parameters such as:? Login.action name = hyddd & password = idontknow & verify =? % E4% BD% A0% E5 % A5% BD. If the data is in English letters / numbers, as it is transmitted, if the space is converted to +, if Chinese / other characters, the string directly BASE64 encryption, obtained as:% E4% BD% A0% E5% A5% BD, where XX XX% for the symbols in the ASCII hexadecimal representation.
POST is the data submitted by the package body is placed in the HTTP packet.
2 . "GET submission of data can only be 1024 bytes, POST theoretically there is no limit, you can transfer larger amounts of data, IIS4 in a maximum of 80KB, IIS5 for 100KB"? ? !
The above phrase is my turn came from other articles, in fact, say that is wrong, inaccurate:
(1). The first is "the data submitted by the GET method can only be 1024 bytes" because the GET is to submit data by URL, then there is a direct relationship between the amount of data that can be submitted by just GET the length of the URL. In fact, URL parameters limit the problem does not exist, HTTP protocol specification does not limit the length of the URL. This restriction is specific to limit its browser and server. IE URL length limit is 2083 bytes (2K + 35). For other browsers, such as Netscape, FireFox, etc., in theory, there is no length limit, that limit depends on operating system support.
Note that this restriction is that the entire length of the URL, not just your parameter value data length. [See reference 5]
(2) In theory, there is no size limit POST, HTTP protocol specification have no size limit, saying "there is POST data size limit 80K / 100K of" is not accurate, POST data is no limit, from limiting the processing power of the server processing program.
For ASP program, there is a data processing length limit of 100K each form field Request object. But if you use Request.BinaryRead is not the limit.
It extends from this out for IIS 6.0, Microsoft for security reasons, to increase the limit. We also need to pay attention to:
1) .IIS 6.0 default ASP POST data volume up to 200KB, per domain limit form is 100KB.
2) .IIS 6.0 default maximum upload file size is 4MB.
3) .IIS 6.0 default maximum request header is 16KB.
Without these restrictions before IIS 6.0. [See reference 5]
So the above 80K, 100K may just default values only (Note: For IIS4 and parameters IIS5, I have not yet confirmed), but it certainly can set up their own. Since each version of IIS are not the same default values for these parameters, please refer to the relevant specific IIS configuration files.
3 . In the ASP, the server requests a GET Request.QueryString parameters, acquisition parameters the Request.Form POST request. In JSP, with request.getParameter (\ "XXXX \") to acquire, although jsp also has request.getQueryString () method, but use up more trouble, such as: pass a test.jsp name = hyddd & password = hyddd , with? request.getQueryString () is obtained: name = hyddd & password = hyddd . In PHP, GET and POST data can be acquired with the $ _GET and $ _POST, respectively, and data may be acquired $ _REQUEST GET and POST request. It is noteworthy that, JSP and PHP use request use $ _REQUEST, there will be problems, the next write articles summarized.
4 .POST safety than the safety of GET. Note: "Security" is not the same concept of security here and GET mentioned above. Above "safe" meaning just is not for data modification, and here the security implications are truly Security meanings, such as: submitting data via GET, user name and password in clear text appear in the URL, because (1) login page might be browser cache, (2) others to view your browser history, so others can get your account number and password, in addition, use GET to submit data also may cause Cross-site request forgery attacks.
To sum up, Get request is sent to the server one kind of the requested data, while the Post is one kind of request submitted data to the server, in FORM (form), Method The default is "GET", essentially, GET and POST only delivery mechanism different, not a take a hair!
Hyddd purely personal summary, please point out any errors. :>
References :
[1].http://hi.baidu.com/liuzd003/blog/item/7bfecbfa6ea94ed8b58f318c.html
[2].http://www.blogjava.net/onlykeke/archive/2006/08/23/65285.aspx
[3].http://baike.baidu.com/view/2067025.htm
[4].http://www.chxwei.com/article.asp?id=373
[5].http://blog.csdn.net/somat/archive/2004/10/29/158707.aspx
出处 [hyddd (http://www.cnblogs.com/hyddd/)]
Http defines the different methods of interaction with the server, there are four basic methods, namely GET, POST, PUT, DELETE. URL stands for resource descriptors, we can be considered: a URL address that is used to describe resources on a network, and in HTTP GET, POST, PUT, DELETE it corresponds to the investigation of this resource, change, add, 4 puncturing operation. Here, we should have a general understanding, GET is generally used to get / query resource information, and POST are generally used to update resource information.
1 According to the HTTP specification, GET for information retrieval and should be safe and idempotent.
(1) The so-called security means that the operation used to obtain information rather than modify the information. In other words, GET requests should generally be free of side effects. That is, it is only to obtain information resources, like database queries, do not modify, add data, will not affect the status of the resource.
* Note: The security implications here only refers to the non-modified information.
(2). Idempotent means that multiple requests for the same URL should return the same result. Here I will explain again idempotent this concept:
There are several definitions of what idempotent:
For unary, if an operator of a number of times for all the results obtained and the operations carried out within the scope of the operation once the results obtained are the same, then we say that operation is idempotent. Absolute value operation example is an example, focus on real numbers, there abs (a) = abs (abs (a)).
For binary operations, required when the two values are involved in computing equivalent case, if the two values and calculation results satisfies equally involved in computing, called the idempotent operation, such as selecting the maximum value of the two numbers function, there is a real number in the centralized idempotent, i.e., max (x, x) = x .
After reading the above explanation, it should be able to understand the meaning of the GET idempotent.
However, in practice, the above two provisions are not so strict. The article cited examples of others: for example, the front page of a news site constantly updated. Although the second request will return a different batch of news, this operation is still considered safe and idempotent, because it always returns the current news. Basically, if the goal is when a user opens a link, he can be sure that from their own point of view does not change the resource can be.
2 . According to the HTTP specification, POST indicating a request to modify a resource may change on the server. Continuing with the example cited above: or news to site, for example, news readers to express their comments should be achieved through POST, because the resource in comments submitted after the site has been different, or that resources have been modified.
Probably a little above said problems in some of the principles of the GET and POST HTTP specification. But when the actual doing, but many people do not follow the HTTP specification, there are many reasons leading to this problem, for example:
1 . Many convenience's sake, use the GET updating resources, because to have to use POST FORM (form), this will be a little trouble.
2 . Increase of resources, delete, change, check operation, in fact, can be done through GET / POST, no need to use PUT and DELETE.
3 . Another is that the early Web MVC framework designers did not consciously URL as abstract resources to look and design, resulting in a more serious problem is the traditional Web MVC framework basically only support GET and two kinds of HTTP POST method and do not support PUT and DELETE methods.
* Explain briefly MVC: MVC was originally present in the Desktop program, M refers to the data model, V refers to the user interface, C is the controller. MVC is the purpose M and V implementation code separation, so that the same program can use different forms.
3:00 above typically describe the same old style (not strictly comply with the HTTP specification), with the development of architecture, there is now REST (Representational State Transfer), an HTTP specification supports new style, not much to say here, can refer to "RESTful Web Services".
Having issues of principle, we look at the difference between GET and POST is like from the surface above:
A data request .GET be attached after the URL (that is, the data is placed into the HTTP protocol header), to divide the URL and transmit data to & linked between parameters such as:? Login.action name = hyddd & password = idontknow & verify =? % E4% BD% A0% E5 % A5% BD. If the data is in English letters / numbers, as it is transmitted, if the space is converted to +, if Chinese / other characters, the string directly BASE64 encryption, obtained as:% E4% BD% A0% E5% A5% BD, where XX XX% for the symbols in the ASCII hexadecimal representation.
POST is the data submitted by the package body is placed in the HTTP packet.
2 . "GET submission of data can only be 1024 bytes, POST theoretically there is no limit, you can transfer larger amounts of data, IIS4 in a maximum of 80KB, IIS5 for 100KB"? ? !
The above phrase is my turn came from other articles, in fact, say that is wrong, inaccurate:
(1). The first is "the data submitted by the GET method can only be 1024 bytes" because the GET is to submit data by URL, then there is a direct relationship between the amount of data that can be submitted by just GET the length of the URL. In fact, URL parameters limit the problem does not exist, HTTP protocol specification does not limit the length of the URL. This restriction is specific to limit its browser and server. IE URL length limit is 2083 bytes (2K + 35). For other browsers, such as Netscape, FireFox, etc., in theory, there is no length limit, that limit depends on operating system support.
Note that this restriction is that the entire length of the URL, not just your parameter value data length. [See reference 5]
(2) In theory, there is no size limit POST, HTTP protocol specification have no size limit, saying "there is POST data size limit 80K / 100K of" is not accurate, POST data is no limit, from limiting the processing power of the server processing program.
For ASP program, there is a data processing length limit of 100K each form field Request object. But if you use Request.BinaryRead is not the limit.
It extends from this out for IIS 6.0, Microsoft for security reasons, to increase the limit. We also need to pay attention to:
1) .IIS 6.0 default ASP POST data volume up to 200KB, per domain limit form is 100KB.
2) .IIS 6.0 default maximum upload file size is 4MB.
3) .IIS 6.0 default maximum request header is 16KB.
Without these restrictions before IIS 6.0. [See reference 5]
So the above 80K, 100K may just default values only (Note: For IIS4 and parameters IIS5, I have not yet confirmed), but it certainly can set up their own. Since each version of IIS are not the same default values for these parameters, please refer to the relevant specific IIS configuration files.
3 . In the ASP, the server requests a GET Request.QueryString parameters, acquisition parameters the Request.Form POST request. In JSP, with request.getParameter (\ "XXXX \") to acquire, although jsp also has request.getQueryString () method, but use up more trouble, such as: pass a test.jsp name = hyddd & password = hyddd , with? request.getQueryString () is obtained: name = hyddd & password = hyddd . In PHP, GET and POST data can be acquired with the $ _GET and $ _POST, respectively, and data may be acquired $ _REQUEST GET and POST request. It is noteworthy that, JSP and PHP use request use $ _REQUEST, there will be problems, the next write articles summarized.
4 .POST safety than the safety of GET. Note: "Security" is not the same concept of security here and GET mentioned above. Above "safe" meaning just is not for data modification, and here the security implications are truly Security meanings, such as: submitting data via GET, user name and password in clear text appear in the URL, because (1) login page might be browser cache, (2) others to view your browser history, so others can get your account number and password, in addition, use GET to submit data also may cause Cross-site request forgery attacks.
To sum up, Get request is sent to the server one kind of the requested data, while the Post is one kind of request submitted data to the server, in FORM (form), Method The default is "GET", essentially, GET and POST only delivery mechanism different, not a take a hair!
Hyddd purely personal summary, please point out any errors. :>
References :
[1].http://hi.baidu.com/liuzd003/blog/item/7bfecbfa6ea94ed8b58f318c.html
[2].http://www.blogjava.net/onlykeke/archive/2006/08/23/65285.aspx
[3].http://baike.baidu.com/view/2067025.htm
[4].http://www.chxwei.com/article.asp?id=373
[5].http://blog.csdn.net/somat/archive/2004/10/29/158707.aspx
出处 [hyddd (http://www.cnblogs.com/hyddd/)]