Michael Knopf


What's the Difference Between the GET and POST HTTP Request Methods
Published: Friday, November 14, 2008
It's funny how you can work with something every day yet give it little thought until a problem arises. The GET and POST methods for requests over HTTP are one of those things.


The GET method appends name/value pairs to the URL, allowing you to retrieve a resource representation. The big issue with this is that the length of a URL is limited (roughly 3000 characters), resulting in data loss should you have too much data in the form on your page, so this method only works if there is a small number of parameters.

What does this mean for me?
Basically, this renders the GET method worthless to most developers in most situations. Here is another way of looking at it: the URL could be truncated (and most likely will be, given today's data-centric sites) if the form uses a large number of parameters, or if the parameters contain large amounts of data. Also, parameters passed on the URL are visible in the address field of the browser (YIKES!!!), which is not the best place for any kind of sensitive (or even non-sensitive) data to be shown, because you are just begging the curious user to mess with it.


The alternative to the GET method is the POST method. This method packages the name/value pairs inside the body of the HTTP request, which makes for a cleaner URL and imposes no size limitations on the form's output. Basically, it's a no-brainer which one to use. POST is also more secure but certainly not safe. Although HTTP fully supports CRUD, HTML 4 only supports issuing GET and POST requests through its various elements. This limitation has held Web applications back from making full use of HTTP, and to work around it, most applications overload POST to take care of everything but resource retrieval.
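The following is an added example, not code from the original post. It builds the same form submission as a GET and as a POST to show where the name/value pairs travel, then flags and masks sensitive fields that end up in the request line, the part that servers commonly write to access logs. The host, path, field names and the SENSITIVE set are assumptions; URL_LIMIT is the post's rough figure.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SENSITIVE = {"password", "token", "ssn"}  # assumed field names to protect
URL_LIMIT = 3000  # the post's rough figure, not a protocol constant


def build_request(method, host, path, fields):
    """Return the raw HTTP/1.1 request carrying form fields via GET or POST."""
    encoded = urlencode(fields)
    if method == "GET":  # pairs are appended to the URL
        return f"GET {path}?{encoded} HTTP/1.1\r\nHost: {host}\r\n\r\n"
    if method == "POST":  # pairs travel in the request body
        return (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
                "Content-Type: application/x-www-form-urlencoded\r\n"
                f"Content-Length: {len(encoded)}\r\n\r\n{encoded}")
    raise ValueError(f"unsupported method: {method}")


def request_line(raw):
    """First line of the request: method, URL (with any query) and version."""
    return raw.split("\r\n", 1)[0]


def exposed_fields(raw):
    """Sensitive field names that appear in the URL of the request line."""
    target = request_line(raw).split(" ")[1]
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return sorted({name for name, _ in pairs if name.lower() in SENSITIVE})


def redact_request_line(raw):
    """Request line with sensitive query values masked, suitable for logging."""
    method, target, version = request_line(raw).split(" ", 2)
    parts = urlsplit(target)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return f"{method} {urlunsplit(parts._replace(query=urlencode(pairs)))} {version}"


def fits_in_url(path, fields):
    """True if the GET URL stays within the rough limit quoted in the post."""
    return len(f"{path}?{urlencode(fields)}") <= URL_LIMIT


if __name__ == "__main__":
    form = {"user": "alice", "password": "hunter2"}  # constructed sample input
    for verb in ("GET", "POST"):
        raw = build_request(verb, "example.test", "/login", form)
        print(request_line(raw), "| exposed:", exposed_fields(raw))
        print("  logged as:", redact_request_line(raw))
```

The POST body still crosses the network in the clear unless the connection uses TLS; the example only shows that the fields no longer sit in the URL.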

The POST method is something of a special case. According to the HTTP specification, POST should be used to provide a representation that can be treated as a subordinate of the target resource. For example, you could POST a new blog entry to the URI representing the blog feed, causing a new blog entry to be added to the feed. POST can also be used to process a block of data such as the data transmitted by an HTML form. The actual function performed by the POST method is defined by the server. Therefore, POST cannot be considered safe or idempotent by clients.

It is worth mentioning some of the other basic request options. As mentioned above, the GET method allows you to retrieve a resource representation, while PUT allows you to create or update a resource with the supplied representation, and DELETE allows you to delete a resource. In short, GET, PUT, and DELETE provide basic CRUD operations (create, retrieve, update, and delete) for the Web. HEAD and OPTIONS, on the other hand, provide the ability to retrieve resource metadata, allowing you to discover how to interact with resources at run time.

Below is a nice table of the most commonly used HTTP methods:

| Method  | Description                                                    | Safe | Idempotent |
|---------|----------------------------------------------------------------|------|------------|
| GET     | Requests a specific representation of a resource               | Yes  | Yes        |
| PUT     | Create or update a resource with the supplied representation   | No   | Yes        |
| DELETE  | Deletes the specified resource                                 | No   | Yes        |
| POST    | Submits data to be processed by the identified resource        | No   | No         |
| HEAD    | Similar to GET but only retrieves headers and not the body     | Yes  | Yes        |
| OPTIONS | Returns the methods supported by the identified resource       | Yes  | Yes        |
