I've read What is the difference between POST and GET? [duplicate] and When should I use GET or POST method? What's the difference between them?.
However, I'm still unsure whether I should use POST or GET when I intend to do certain things.
First, referencing this comment, I shouldn't use a GET request with query string parameters when I'm deleting or inserting a record, since those operations are not idempotent. That is, if I send the same delete request with the same record id, it will fail because the record will no longer be there. The same with adding an item to my shopping cart, since it will add another item to my cart, everytime the request is made.
Is my understanding correct?
Second, the GET method is used to retrieve a resource. But what about the resource(form) that is used to manipulate a record?
For example, I want to make some changes to this Employee record, his phone number, address, etc. So I click on the "modify" button. Should that button send a GET request or POST request? Would it be bad especially, if you have to put the primary key value(synthetic) of the record in the query string like
modifyEmployee.do?id=123
Should I use the GET method since I'm only asking for the form but I'm not submitting at this point? Or should I use the POST method because that id in the query string is bad/bad for security?
Third, I have some ajax calls to get data and populate some dropdown boxes, like address, city, state, municipality etc. Is it okay to use the GET method since I'm only retrieving data?