How to send large amount of data from javascript to the server

I know one way to send data:

img = new Image();
img.src = “domain/script.php?data=”+escape(data);

so the data is sent in a query string. But this way you can send about 100 bytes of data. What if I need to send more?

Take a look at the XmlHttpRequest object. Or why don´t you post your data?

html hidden forms along with using the form method submit()

The GET method of sending data (IE: all data is attached to the url in a query string) IS VERY LIMITED in size … thats one reason why there is the POST method from an html form (as mentioned before) … once you send data via a form who’s method is set to post (IE: <form method=‘post’ action=‘’>) you can just about send anything you want (file type OR size)

One other reason to not use the GET method is security … anyone can see and / or grab the data if they want to!

As it is with POST :wink:

To be sure to send data “secure” you need to use https both for the form and the resource recieving the data.

true but its a heck of a lot easier with a get

There are two basic methods of sending data to the server:

  1. With GET: <form method=‘post’ action=‘’>
  2. With POST: <form method=‘post’ action=‘’>

GET is limited up to 256 characters, also is easily viewable by anyone, and is saved in the logs.

POST is unlimited. You may send very large data using it. And of course secure.

And of course there are some derived methods like this one:

<a href=“”>SEND DATA</a>

Which is nothing else, but the above mentioned GET method, with it’s limitations.

Hope that helps :slight_smile:

I don´t understand how you can say that POST is secure. Have you ever listened to HTTP-streams? You´re right that the data will not be in the logs as with GET but if you ever monitor HTTP-traffic you will see that it´s there, wide open, like a holiday postcard. So in the context: I do not want my sysadmin to see what I send. Then POST can be it and you can say it´s ‘secure’. The sysadmin only needs to hack an application saving HTTP-bodies anyway to be able to see it so you´re not safe if you´re sysadmin has such an application. In theory anyone can “hook” in and listen on the data stream between the client and the server. So it´s not safe. You better be using HTTPS for that.

Thank you for all this information about post method security. But I want to send information from JavaScript to server WITHOUT PAGE BEING RELOADED. So, post method will not work.
However, thank you for suggesting XmlHttpRequest object.

np :slight_smile: