406

I've only recently been getting involved with PHP/AJAX/jQuery and it seems to me that an important part of these technologies is that of POST and GET.

First, what is the difference between POST and GET? Through experimenting, I know that GET appends the returning variables and their values to the URL string

website.com/directory/index.php?name=YourName&bday=YourBday

but POST doesn't.

So, is this the only difference or are there specific rules or conventions for using one or the other?

Second, I've also seen POST and GET outside of PHP: also in AJAX and jQuery. How do POST and GET differ between these 3? Are they the same idea, same functionality, just utilized differently?

nbro
  • 12,226
  • 19
  • 85
  • 163
Hristo
  • 42,002
  • 60
  • 155
  • 224

7 Answers7

463

GET and POST are two different types of HTTP requests.

According to Wikipedia:

GET requests a representation of the specified resource. Note that GET should not be used for operations that cause side-effects, such as using it for taking actions in web applications. One reason for this is that GET may be used arbitrarily by robots or crawlers, which should not need to consider the side effects that a request should cause.

and

POST submits data to be processed (e.g., from an HTML form) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both.

So essentially GET is used to retrieve remote data, and POST is used to insert/update remote data.

HTTP/1.1 specification (RFC 2616) section 9 Method Definitions contains more information on GET and POST as well as the other HTTP methods, if you are interested.

In addition to explaining the intended uses of each method, the spec also provides at least one practical reason for why GET should only be used to retrieve data:

Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data, because this will cause this data to be encoded in the Request-URI. Many existing servers, proxies, and user agents will log the request URI in some place where it might be visible to third parties. Servers can use POST-based form submission instead

Finally, an important consideration when using GET for AJAX requests is that some browsers - IE in particular - will cache the results of a GET request. So if you, for example, poll using the same GET request you will always get back the same results, even if the data you are querying is being updated server-side. One way to alleviate this problem is to make the URL unique for each request by appending a timestamp.
Justin Ethier
  • 122,367
  • 49
  • 219
  • 273
  • 9
    .. Interesting. Thanks for explaining the caching behind this. Two questions... 1. Doesn't this mean there are security issues with using `GET` 2. Does this mean I could use `POST` to do the same thing as `GET`? – Hristo Aug 13 '10 at 13:50
  • 91
    @Hristo: You could make an update on the server by using `GET` as well yes. And vice-a-versa. You could use `POST` to just fetch some data. Using my analogy with a car again: Even though your car has reverse gear, you wouldn't drive to work in reverse. Even though you could of course. – Robert Koritnik Aug 13 '10 at 13:54
  • 20
    @Hristo: There are no issues with GET itself -- every site's home page is gotten by a GET, as are just about all links, so any security issues with it could break the whole web. The problem happens when web developers don't know a GET should be idempotent, and use it for things like "delete" or "add to cart" links/buttons. – cHao Aug 13 '10 at 13:58
  • You said GET and POST are types of HTTP Request, but then only used the word request when describing GET .. how about describing POST with the word "request"? – barlop Oct 24 '15 at 19:44
  • 2
    @barlop - "The data is included in the body of the request." – Justin Ethier Oct 24 '15 at 23:14
  • What method should be used to get the form itself to fill out? What if I wanted to modify the contact info of an existing Employee? Should I use GET with a synthetic key showing in the query string? – Ascendant Jan 14 '16 at 05:39
  • 2
    Another way to alleviate IE caching GET calls would be to set headers for incoming GET requests on the server side. These headers would prevent caching on the client side. – ferr Jan 17 '18 at 14:26
107

A POST, unlike a GET, typically has relevant information in the body of the request. (A GET should not have a body, so aside from cookies, the only place to pass info is in the URL.) Besides keeping the URL relatively cleaner, POST also lets you send much more information (as URLs are limited in length, for all practical purposes), and lets you send just about any type of data (file upload forms, for example, can't use GET -- they have to use POST plus a special content type/encoding).

Aside from that, a POST connotes that the request will change something, and shouldn't be redone willy-nilly. That's why you sometimes see your browser asking you if you want to resubmit form data when you hit the "back" button.

GET, on the other hand, should be idempotent -- meaning you could do it a million times and the server will do the same thing (and show basically the same result) each and every time.

cHao
  • 78,897
  • 19
  • 136
  • 168
33

Whilst not a description of the differences, below are a couple of things to think about when choosing the correct method.

  • GET requests can get cached by the browser which can be a problem (or benefit) when using ajax.
  • GET requests expose parameters to users (POST does as well but they are less visible).
  • POST can pass much more information to the server and can be of almost any length.
Community
  • 1
  • 1
Alex
  • 843
  • 6
  • 8
  • 2
    Is there a reason you didn't use the word "request" when describing POST? (despite the fact that many have stated that POSt is a type of request) – barlop Oct 24 '15 at 19:43
  • 2
    So if POST exposes the parameters as well just a little less visible, then if I am worried about sensitive information being seen, it really doesn't matter if I use POST or GET correct? Someone looking for the information will probably know enough about how to see the parameters in POST. Just wondering if I am understanding correctly. Thank you. – eaglei22 Jun 15 '17 at 18:36
  • @eaglei22, I'm copying this from Justin Ethier's answer above. > Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data, because this will cause this data to be encoded in the Request-URI. Many existing servers, proxies, and user agents will log the request URI in some place where it might be visible to third parties. Servers can use POST-based form submission instead Long story short, use POST with sensitive data – Paul-Hebert Sep 13 '18 at 22:50
21

POST and GET are two HTTP request methods. GET is usually intended to retrieve some data, and is expected to be idempotent (repeating the query does not have any side-effects) and can only send limited amounts of parameter data to the server. GET requests are often cached by default by some browsers if you are not careful.

POST is intended for changing the server state. It carries more data, and repeating the query is allowed (and often expected) to have side-effects such as creating two messages instead of one.

Victor Nicollet
  • 23,569
  • 3
  • 52
  • 88
  • 1
    Also would pay to mention that bots and the like know not to do POST stuff just in case it causes some action (like deleting data) to happen. – Aidan Kane Aug 13 '10 at 13:46
  • 3
    Just so it's said, "idempotent" means something a bit more complicated than "no side effects". It means that any number of identical requests will result in the exact same visible state of the server-side resource. But the request *can* cause changes. `PUT` and `DELETE` are idempotent too, for example. – cHao Jan 27 '14 at 19:33
18

If you are working RESTfully, GET should be used for requests where you are only getting data, and POST should be used for requests where you are making something happen.

Some examples:

  • GET the page showing a particular SO question

  • POST a comment

  • Send a POST request by clicking the "Add to cart" button.

Ojonugwa Jude Ochalifu
  • 23,935
  • 25
  • 104
  • 122
Skilldrick
  • 65,202
  • 32
  • 168
  • 226
  • 1
    .. I'm not sure what you mean by "RESTfully", but so are you saying that if `GET` is for getting data... `POST` is for sending data? or can `POST` also get data and use it to make something happen? – Hristo Aug 13 '10 at 13:44
7

With POST you can also do multipart mime encoding which means you can attach files as well. Also if you are using post variables across navigation of pages, the user will get a warning asking if they want to resubmit the post parameter. Typically they look the same in an HTTP request, but you should just stick to POST if you need to "POST" something TO a server and "GET" if you need to GET something FROM a server as that's the way they were intended.

Matt Williamson
  • 34,999
  • 10
  • 60
  • 70
1

The only "big" difference between POST & GET (when using them with AJAX) is since GET is URL provided, they are limited in ther length (since URL arent infinite in length).

Activist
  • 186
  • 2
  • 11