HTTP Methods: GET vs. POST

By Prempal Singh 0 Comment February 14, 2017  cyberops infosec, Difference between GET and POST method, GET method, hacking tutorials, php tutorials, POST method, what is get method, what is post method

What is HTTP

HTTP stands for Hypertext Transfer Protocol and HTTP is used to communications and request-response protocol between clients and servers. A web browser may be the client or may be the server.

Example: A client (browser) submits an HTTP request to the server; then the server returns a response to the client. The response got status information about the request and may also contain the requested content.

There are two ways the browser client can send information to the web server. GET and POST.

• GET – Requests data from a specified resource
• POST – Submits data be processed to a specified resource

GET Method:

The GET method sends the encoded user information appended to the page request. The page and the encoded information are separated by the ? character.

Example:

http://www.example.com/action.php?name=cyberops&age=24

• The data sent by GET method can be accessed using a QUERY_STRING environment variable.
  The GET method is restricted to send up to 1024 characters only.
  The GET method produces a long string that appears in your server logs.
  The PHP provides the $_GET associative array to access all the sent information using the GET method.
  Never use GET method if you have the password or other sensitive information to be sent to the server.
  GET can’t be used to send binary data, like images or word documents, to the server.

Some other notes on GET requests:

• GET requests should be used only to retrieve data
• GET requests can be cached
• GET requests have length restrictions
• GET requests remain in the browser history
• GET requests should never be used when dealing with sensitive data
• GET requests can be bookmarked

POST Method

Via HTTP headers transfer information by POST Method. The information is encoded as described in a case of GET method and put into a header called QUERY_STRING.

POST /test/demo_form.asp HTTP/1.1
Host: cyberops.in
name1=cyberops&name2=Infosec

The data sent by POST method goes through HTTP header so security depends on HTTP protocol. By using Secure HTTP you can make sure that your information is secure.
The POST method does not have any restriction on data size to be sent.
The PHP provides the $_POST associative array to access all the sent information using POST method.
The POST method can be used to send ASCII as well as binary data.

Some other notes on POST requests:

• POST requests are never cached
• POST requests cannot be bookmarked
• POST requests have no restrictions on data length
• POST requests do not remain in the browser history

Compare GET & POST Method