SitePoint Sponsor

User Tag List

View Poll Results: Which METHOD is BETTER and WHY ? (GET vs POST)

Voters
35. You may not vote on this poll
  • GET

    3 8.57%
  • POST

    29 82.86%
  • Other (If any)

    3 8.57%
Page 1 of 4 1234 LastLast
Results 1 to 25 of 85

Hybrid View

  1. #1
    if ($zee == "Guru") { $zee--;}
    Join Date
    Nov 2005
    Location
    Karachi - Pakistan
    Posts
    1,134
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Which METHOD is BETTER and WHY ? (GET vs POST)

    Hi People.

    Here i want u people to participate in the POLL to know which METHOD is BETTER and WHY ??? GET or POST ???

    Thanks

  2. #2
    SitePoint Evangelist Will Kelly's Avatar
    Join Date
    May 2005
    Location
    London
    Posts
    475
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Other. Pigeons. Much more reliable and only require seed to keep going.

  3. #3
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have recently done some research on this and, this is what I found:

    Strait from the HTML 2.0 specification
    If the processing of a form is idempotent (i.e. it has no lasting observable effect on the state of the world), then the form method should be GET. Many database searches have no visible side-effects and make ideal applications of query forms.
    - -
    If the service associated with the processing of a form has side effects (for example, modification of a database or subscription to a service), the method should be POST

    If a user submits a POST form, and then he tries to refresh, most browsers produce a warning message. This is useful if the data is added to a database or "has a lasting effect on the universe". If the data is idempotent, such as a search, you do not want browsers producing warnings all over the place and so GET is best.


    To conclude - I have no real proference because I use POST or GET depending on the situation.

  4. #4
    if ($zee == "Guru") { $zee--;}
    Join Date
    Nov 2005
    Location
    Karachi - Pakistan
    Posts
    1,134
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    is that Really an ohter option for FORM Submittion ? is yesm the please put some more detail, otherwise, I have clearly mentioned (IF ANY) means if there is not any other way then it should not be VOTED. Anyways, i can not say anything regarding yoru UNDERSTANDING. (IF ANY) !!

  5. #5
    SitePoint Evangelist Will Kelly's Avatar
    Join Date
    May 2005
    Location
    London
    Posts
    475
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by zeeshanhashmi
    is that Really an ohter option for FORM Submittion ? is yesm the please put some more detail, otherwise, I have clearly mentioned (IF ANY) means if there is not any other way then it should not be VOTED. Anyways, i can not say anything regarding yoru UNDERSTANDING. (IF ANY) !!
    I have despatched a pigeon to answer your question.

  6. #6
    SitePoint Author silver trophybronze trophy

    Join Date
    Nov 2004
    Location
    Ankh-Morpork
    Posts
    12,158
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If the operation has side effects or the information being transferred is sensitive: POST.

    If the operation is idempotent and the result should be linkable: GET.

    Otherwise it doesn't matter much.
    Birnam wood is come to Dunsinane

  7. #7
    SitePoint Evangelist Will Kelly's Avatar
    Join Date
    May 2005
    Location
    London
    Posts
    475
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You , having such a good experience in this Forum (i.e. over 200 posts) I was thinking that u must be having a good knowledge of PHP and must have some MIND to think about a matter. I m sad to say that I was worng. I did not invited u specifically to join the POLL. Afterall some people requried more care becasue they donot have mind to thing or they think if they use their mind it will me consumed. I think now u should have a good understanding.
    Come again?! Sorry I reserve the right to occasionally be silly in this serious, serious world. And AutisticCuckoo has answered your poll/question anyway. *stifling laughter*

  8. #8
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Will Kelly
    Come again?! Sorry I reserve the right to occasionally be silly in this serious, serious world. And AutisticCuckoo has answered your poll/question anyway. *stifling laughter*

    Here here

    The world would be a very boaring place without a bit of sillyness

  9. #9
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,247
    Mentioned
    59 Post(s)
    Tagged
    3 Thread(s)
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  10. #10
    SitePoint Wizard
    Join Date
    Jan 2004
    Location
    3rd rock from the sun
    Posts
    1,005
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I find GET is slightly easier to debug.

    Inexperienced PHP'ers will see all their vars in the url string:

    index.php?name=j%20bloggs&jobttitle=tanker

    I was working on a script once in which the author had this bit of code in the form elements:

    <?php echo isset($debug) ? 'GET'; 'POST' ?>

    Though I never used similar, I did think it was smart of him/her. I think that could be a good strategy before you go "live".

    Now I just use a debug func that throws all my vars on the page, or just use the excellent:
    print_r($_POST);

    Another thing using GET, it reminds you just how open your code is to anyone looking, DONT call your vars the same as your table column names! It also gives you a lesson in what urlencode does.

    and another thing, using GET you can just fiddle with the url and resend your form, much easier to see if your form handler is validating your input correctly.

    You should mostly be using POST IMHO, it accepts far more data too.
    isempty()

  11. #11
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by paulyG
    You should mostly be using POST IMHO, it accepts far more data too.
    Good point - especially if you want do do things like send emails or upload files.

  12. #12
    Wadge! F4nat1c's Avatar
    Join Date
    Oct 2005
    Location
    South Wales, UK
    Posts
    1,134
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I prefer $_POST. I don't like any information being passed through pages to be visible, which $_GET does. And besides, a shorter URL is better than some long needless one:

    $_POST

    Code:
    domain.com/login.php
    $_GET

    Code:
    domain.com/login.php?email=uifjguifjgfugf&userid=2323&subject=jdhfudhfud
    OMFG SitePoint ROXORZ TEH BIG ONE111!
    Wish you were invisible?

  13. #13
    SitePoint Wizard
    Join Date
    Jan 2004
    Location
    3rd rock from the sun
    Posts
    1,005
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by F4nat1c
    I prefer $_POST. I don't like any information being passed through pages to be visible, which $_GET does.
    Thats fine as long as you understand that the only level of hacker you are putting off is a "fiddler", someone who fiddles around with GET vars, because they are so used to checking their own error handling, they have started doing it on other peoples' websites...

    index.php?name=j%20bloggs&jobttitle=tanker

    Ohh lets try:

    index.php?name=j%20bloggs&jobttitle=12345

    Ohh doesnt check very much, so lets try...

    index.php?name=j%20bloggs&jobttitle=;drop%20table%20users
    isempty()

  14. #14
    SitePoint Enthusiast
    Join Date
    Jan 2006
    Posts
    26
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    $_GET is much more insecure than $_POST, besides $_GET has a 32K size limit, basicaly for this two reasons I think $_POST is the best choice for most actions, but $_GET is a suitable for some tasks, for example building URL's dinamically for redirecting pages.
    About debugging stuff, $_POST can be debugged as easy as $_GET, just try
    PHP Code:
    var_dum($_POST
    Conclussion, I think $_POST is the best choice, but $_GET has to be considered for some tasks.

  15. #15
    Keep it simple, stupid! bokehman's Avatar
    Join Date
    Jul 2005
    Posts
    1,935
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by kandalf
    $_GET is much more insecure than $_POST, besides $_GET has a 32K size limit, basicaly for this two reasons I think $_POST is the best choice for most actions, but $_GET is a suitable for some tasks, for example building URL's dinamically for redirecting pages.
    $_POST... more secure? Care to explain that untruth in more detail? Secondly under HTTP/1.1 there is no size limit for query strings; the rfc just states that the server must be able to handle any query string that it serves.

    On a side note the original post didn't mention forms, just method. Well it is possible to use all three methods (GET, POST, COOKIE) at the same time to send data from the browser to the server.

  16. #16
    SitePoint Wizard samsm's Avatar
    Join Date
    Nov 2001
    Location
    Atlanta, GA, USA
    Posts
    5,011
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by kandalf
    $_GET has a 32K size limit
    I thought Internet Explorer maxed out at 2000 some characters. Do I have that totally wrong?

    I'll take a shot at the insecure post claim, the idea is that GET requests show up in firewall logs and that sort of things, so there are more chances of people harvesting data. It's not so much more or less of a security thing, it's more practical advice based on how information is collected and stored.
    Using your unpaid time to add free content to SitePoint Pty Ltd's portfolio?

  17. #17
    Wadge! F4nat1c's Avatar
    Join Date
    Oct 2005
    Location
    South Wales, UK
    Posts
    1,134
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Go to:

    Predefined Variables

    There isnt really much difference. It's more a matter of opinion than fact to which method you use. $_POST is 'tidyer'. I don't like long URL's.
    OMFG SitePoint ROXORZ TEH BIG ONE111!
    Wish you were invisible?

  18. #18
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by F4nat1c
    There isnt really much difference. It's more a matter of opinion than fact to which method you use. $_POST is 'tidyer'. I don't like long URL's.
    Seriously though. There is a semantic difference between GET and POST. See : http://www.prescod.net/rest/

  19. #19
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I definately prefer DELETE. It just has much more authority.

  20. #20
    if ($zee == "Guru") { $zee--;}
    Join Date
    Nov 2005
    Location
    Karachi - Pakistan
    Posts
    1,134
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi
    as long as the URL values like
    index.php?name=j%20bloggs&jobttitle=;drop%20table%20users
    we can ENCRYPT the data from the source script and latter after validation (to eliminate any XSS), we can DECRYPT the Cipher back to plain. for example

    "index.php?uid=zeeshan" could become "index.php?uid=6FF4439C33221ABD3FE4"

  21. #21
    if ($zee == "Guru") { $zee--;}
    Join Date
    Nov 2005
    Location
    Karachi - Pakistan
    Posts
    1,134
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Any One Else ?????

  22. #22
    SitePoint Evangelist Will Kelly's Avatar
    Join Date
    May 2005
    Location
    London
    Posts
    475
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm reliably informed that someone shot my pigeon. Sorry about that.

  23. #23
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Will Kelly
    I'm reliably informed that someone shot my pigeon. Sorry about that.
    An all too common fate for pigeons.

  24. #24
    SitePoint Enthusiast onion2k's Avatar
    Join Date
    Dec 2005
    Location
    UK
    Posts
    83
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Will Kelly
    I'm reliably informed that someone shot my pigeon. Sorry about that.
    It was me.

    Damn pigeons.

  25. #25
    SitePoint Evangelist pompopom's Avatar
    Join Date
    Feb 2004
    Location
    Huldenberg (Belgium)
    Posts
    426
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Will Kelly
    I'm reliably informed that someone shot my pigeon. Sorry about that.
    sorry I noticed the little paper around it's neck too late...
    The Path of excess leeds to the tower of wisdom (W. Blake)


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •