And that is why, today I'll be dealing with both cases.
The GET method
The GET method is the default way of transporting data. In an HTML form, if the method attribute is not specified in the form tag, the browser automatically assumes a GET. Here's an example. Pay attention to the form tag.
<form>
<input name="x" value="test">
<input name="y" value="12345">
<input type="submit" name="btSubmit" value="submit">
</form>
is the same as
<form method="GET">
<input name="x" value="test">
<input name="y" value="12345">
<input type="submit" name="btSubmit" value="submit">
</form>
The GET method of transporting data basically embeds the data in the URL as name=value pairs separated by ampersands. Assuming that this form is in a page named tt_test.asp, submitting the form would give you a URL of:
tt_test.asp?x=test&y=12345&btSubmit=submit
This also means that you can use the GET method to transport data without using a form.
Pros
Quick and dirty - As mentioned, you don't need a form to send data via the GET method. You merely need to formulate the URL properly.
Caching - Since GET is essentially a URL, it follows that pages generated from the GET method may also be cached, and this shaves valuable time off page loads. URL caching in turn facilitates pages generated using the GET method being crawled by search engines, which leads to better Search Engine Optimization. And this is the one thing that cements GET's place as a viable method of data transport despite its obvious inferiority to POST in many areas.
Cons
Size limitations - The URL can hold only so much data. Therefore using GET to send long strings of data (over 1000 characters including the URL, depending on browser) is not advisable.
Format - GET can send only text data. Even then, special characters have to be encoded. If, for example, you wanted to send an ampersand as part of your data, you would have to be very careful that it is not mistaken for a separator.
Security - The data appears in the URL. Duh.
Use GET for...
... simple data that can be easily sanitized and whitelisted.
... data that does not need to be private.
Do not use GET for...
... data that should be hidden, such as passwords.
... complex data
... long strings
Absolutely do not use GET for...
... entire SQL queries (Jesus Christ, do you have a death wish or something?!)
tt_test.asp?query=SELECT x from table_y WHERE id=3
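The ampersand problem and the "sanitized and whitelisted" rule from the lists above, as an added example that is not part of the original post. The function names, the example.test host and the "?" placeholder style are assumptions; tt_test.asp and table_y come from the post.

```javascript
// Added example; function names and the example.test host are assumptions.
const BASE = "http://example.test/"; // constructed base so relative URLs parse

// Naive concatenation: an ampersand inside a value becomes a separator.
function naiveUrl(page, params) {
  const pairs = Object.entries(params).map(([k, v]) => k + "=" + v);
  return page + "?" + pairs.join("&");
}

// URLSearchParams percent-encodes reserved characters in names and values.
function encodedUrl(page, params) {
  return page + "?" + new URLSearchParams(params).toString();
}

// What the receiving page sees once the query string is split on & and =.
function parseQuery(url) {
  return Object.fromEntries(new URL(url, BASE).searchParams);
}

// Whitelist for the lookup: the URL may carry only an integer id, never SQL.
const ALLOWED = new Set(["id"]);

function buildLookup(url) {
  const q = new URL(url, BASE).searchParams;
  for (const name of q.keys()) {
    if (!ALLOWED.has(name)) return { ok: false, error: "unexpected parameter: " + name };
  }
  const ids = q.getAll("id");
  if (ids.length !== 1 || !/^[0-9]{1,9}$/.test(ids[0])) {
    return { ok: false, error: "id must be a single integer" };
  }
  // The statement text is fixed in code; the value travels as a bound argument.
  // The "?" placeholder style is an assumption; use your driver's own syntax.
  return { ok: true, sql: "SELECT x FROM table_y WHERE id = ?", args: [Number(ids[0])] };
}

// Constructed sample input.
const sample = { x: "Tom&Jerry", y: "12345" };
console.log(naiveUrl("tt_test.asp", sample), parseQuery(naiveUrl("tt_test.asp", sample)));
console.log(encodedUrl("tt_test.asp", sample), parseQuery(encodedUrl("tt_test.asp", sample)));
console.log(buildLookup("tt_test.asp?id=3"));
console.log(buildLookup("tt_test.asp?query=SELECT x from table_y WHERE id=3"));
```

The naive URL arrives as x=Tom plus an empty parameter named Jerry, while the encoded one round-trips intact; the lookup accepts ?id=3 and rejects the ?query= form outright.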