When do you use POST and when do you use GET?

http-post http-get
Thomas Owens picture Thomas Owens · Sep 5, 2008 · Viewed 176.2k times · Source

From what I can gather, there are three categories:

  1. Never use GET and use POST
  2. Never use POST and use GET
  3. It doesn't matter which one you use.

Am I correct in assuming those three cases? If so, what are some examples from each case?

Answer

Brian Warshaw picture Brian Warshaw · Sep 5, 2008

Use POST for destructive actions such as creation (I'm aware of the irony), editing, and deletion, because you can't hit a POST action in the address bar of your browser. Use GET when it's safe to allow a person to call an action. So a URL like:

http://myblog.org/admin/posts/delete/357

Should bring you to a confirmation page, rather than simply deleting the item. It's far easier to avoid accidents this way.

POST is also more secure than GET, because you aren't sticking information into a URL. And so using GET as the method for an HTML form that collects a password or other sensitive information is not the best idea.

One final note: POST can transmit a larger amount of information than GET. 'POST' has no size restrictions for transmitted data, whilst 'GET' is limited to 2048 characters.

Related questions

How to pass POST parameters in a URL?

Basically, I think that I can't, but would be very happy to be proven wrong. I am generating an HTML menu dynamically in PHP, adding one item for each current user, so that I get something like <a href="…

Read More
How do I print the content of httprequest request?

I've got a bug involving httprequest, which happens sometimes, so I'd like to log HttpGet and HttpPost request's content when that happens. So, let's say, I create HttpGet like this: HttpGet g = new HttpGet(); g.setURI(new URI("http://www.…

Read More
What 'sensitive information' could be disclosed when setting JsonRequestBehavior to AllowGet

I've been getting the same old error every time I test a new URL from my browser's address bar when I'm returning Json (using the built-in MVC JsonResult helper): This request has been blocked because sensitive information could be disclosed …

Read More