0

I've read "What is the difference between POST and GET? [duplicate]" and "When should I use GET or POST method? What's the difference between them?".

However, I'm still unsure whether I should use POST or GET when I intend to do certain things.

First, referencing this comment, I shouldn't use a GET request with query string parameters when I'm deleting or inserting a record, since those operations are not idempotent. That is, if I send the same delete request with the same record id, it will fail because the record will no longer be there. The same with adding an item to my shopping cart, since it will add another item to my cart every time the request is made.
Is my understanding correct?

Second, the GET method is used to retrieve a resource. But what about the resource (form) that is used to manipulate a record?

For example, I want to make some changes to this Employee record, his phone number, address, etc. So I click on the "modify" button. Should that button send a GET request or POST request? Would it be especially bad if you have to put the primary key value (synthetic) of the record in the query string, like

modifyEmployee.do?id=123

Should I use the GET method since I'm only asking for the form but I'm not submitting at this point? Or should I use the POST method because that id in the query string is bad/bad for security?

Third, I have some AJAX calls to get data and populate some dropdown boxes, like address, city, state, municipality, etc. Is it okay to use the GET method since I'm only retrieving data?

Ascendant

1 Answer

0

When you retrieve a form which is used to modify data, it is usually considered a GET request. Getting a form to modify data is not yet modifying anything. You're merely viewing the data in a form which may or may not be submitted. But these things are opinionated and you can implement your application either way.

Submitting the form is usually done with POST since you're modifying data. As a side note: modifying existing resources should be done with a PUT request, but this is not possible with HTML forms without JavaScript, and again, it really works either way.

As for security: it is indeed not good practice to put sensitive data into GET query parameters, but is that employee ID really sensitive? If it is, another ID should be used for referring to them in a web application.

AJAX calls or not, the same things apply as with forms. If retrieving data, a GET is the natural choice.

user2170710
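The split described in the answer above, as an added example that is not part of the original question or answer: the edit form is served over GET, the change is accepted only over POST, and the URL carries an opaque reference instead of the primary key. The `handle` function, the `/employee/edit` and `/employee/update` paths, the `ref` parameter and the sample record are assumptions made for illustration.

```python
import secrets

# Constructed sample record; 123 is the internal primary key from the question.
EMPLOYEES = {123: {"name": "A. Example", "phone": "555-0100"}}
# Hypothetical public reference -> primary key map, so URLs carry ref=... not id=123.
REFS = {secrets.token_urlsafe(16): pk for pk in EMPLOYEES}

def handle(method, path, params):
    """Return (status, body). params = query string (GET) or form body (POST)."""
    pk = REFS.get(params.get("ref", ""))
    if pk is None:
        return 404, "no such employee"
    if path == "/employee/edit":
        # Fetching the form only reads data, so it is served over GET.
        if method != "GET":
            return 405, "use GET to fetch the form"
        return 200, dict(EMPLOYEES[pk])
    if path == "/employee/update":
        # State change: refuse GET so following a link can never modify the record.
        if method != "POST":
            return 405, "use POST to submit changes"
        if "phone" not in params:
            return 400, "missing phone"
        EMPLOYEES[pk]["phone"] = params["phone"]
        # Redirect after POST so a browser reload does not resubmit the form.
        return 303, "/employee/edit?ref=" + params["ref"]
    return 404, "unknown path"

if __name__ == "__main__":
    ref = next(iter(REFS))
    print(handle("GET", "/employee/edit", {"ref": ref}))
    print(handle("GET", "/employee/update", {"ref": ref, "phone": "555-0199"}))
    print(handle("POST", "/employee/update", {"ref": ref, "phone": "555-0199"}))
```

An opaque reference only keeps the key out of URLs and logs; the server still has to check that the caller is allowed to edit that record.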