GET vs. POST

HTTP POST requests supply additional data from the client (browser) to the server in the message body. In contrast, GET requests include all required data in the URL. Forms in HTML can use either method by specifying method="POST" or method="GET" (default) in the <form> element. The method specified determines how form data is submitted to the server. When the method is GET, all form data is encoded into the URL, appended to the action URL as query string parameters. With POST, form data appears within the message body of the HTTP request.

Comparison chart

Edit this comparison chart

GET (HTTP)

User Rating (464):

POST (HTTP)

User Rating (523):
History Parameters remain in browser history because they are part of the URL Parameters are not saved in browser history.
Bookmarked Can be bookmarked. Can not be bookmarked.
BACK button/re-submit behaviour GET requests are re-executed but may not be re-submitted to server if the HTML is stored in the browser cache. The browser usually alerts the user that data will need to be re-submitted.
Encoding type (enctype attribute) application/x-www-form-urlencoded multipart/form-data or application/x-www-form-urlencoded Use multipart encoding for binary data.
Parameters can send but the parameter data is limited to what we can stuff into the request line (URL). Safest to use less than 2K of parameters, some servers handle up to 64K Can send parameters, including uploading files, to the server.
Hacked Easier to hack for script kiddies More difficult to hack
Restrictions on form data type Yes, only ASCII characters allowed. No restrictions. Binary data is also allowed.
Security GET is less secure compared to POST because data sent is part of the URL. So it's saved in browser history and server logs in plaintext. POST is a little safer than GET because the parameters are not stored in browser history or in web server logs.
Restrictions on form data length Yes, since form data is in the URL and URL length is restricted. A safe URL length limit is often 2048 characters but varies by browser and web server. No restrictions
Usability GET method should not be used when sending passwords or other sensitive information. POST method used when sending passwords or other sensitive information.
Visibility GET method is visible to everyone (it will be displayed in the browser's address bar) and has limits on the amount of information to send. POST method variables are not displayed in the URL.
Cached Can be cached Not cached
Large variable values 7607 character maximum size. 8 Mb max size for the POST method.

Contents: GET vs POST

edit Differences in Form Submission

The fundamental difference between METHOD="GET" and METHOD="POST" is that they correspond to different HTTP requests, as defined in the HTTP specifications. The submission process for both methods begins in the same way - a form data set is constructed by the browser and then encoded in a manner specified by the enctype attribute. For METHOD="POST the enctype attribute can be multipart/form-data or application/x-www-form-urlencoded, whereas for METHOD="GET", only application/x-www-form-urlencoded is allowed. This form data set is then transmitted to the server.

For form submission with METHOD="GET", the browser constructs a URL by taking the value of the action attribute, appending a ? to it, then appending the form data set (encoded using the application/x-www-form-urlencoded content type). The browser then processes this URL as if following a link (or as if the user had typed the URL directly). The browser divides the URL into parts and recognizes a host, then sends to that host a GET request with the rest of the URL as argument. The server takes it from there. Note that this process means that the form data are restricted to ASCII codes. Special care should be taken to encode and decode other types of characters when passing them through the URL in ASCII format.

Submission of a form with METHOD="POST" causes a POST request to be sent, using the value of the action attribute and a message created according to the content type specified by the enctype attribute.

edit Pros and Cons

Since form data is sent as part of the URL when GET is used --

edit Differences in Server-Side Processing

In principle, processing of a submitted form data depends on whether it is sent with METHOD="GET" or METHOD="POST". Since the data is encoded in different ways, different decoding mechanisms are needed. Thus, generally speaking, changing the METHOD may necessitate a change in the script which processes the submission. For example, when using the CGI interface, the script receives the data in an environment variable (QUERYSTRING) when GET is used. But when POST is used, form data is passed in the standard input stream (stdin) and the number of bytes to be read is given by the Content-length header.

edit Recommended Usage

GET is recommended when submitting "idempotent" forms - those that do not 'significantly alter the state of the world'. In other words, forms that involve database queries only. Another perspective is that several idempotent queries will have the same effect as a single query. If database updates or other actions such as triggering emails are involved, the usage of POST is recommended.

A "GET" request is often cacheable, whereas a "POST" request can hardly be. For query systems this may have a considerable efficiency impact, especially if the query strings are simple, since caches might serve the most frequent queries.

In certain cases, using POST is recommended even for idempotent queries:

edit References

Share this comparison:

If you read this far, you should follow us:

"GET vs POST." Diffen.com. Diffen LLC, n.d. Web. 25 Nov 2014. < http://www.diffen.com/difference/GET_%28HTTP%29_vs_POST_%28HTTP%29 >

Related Comparisons Follow Diffen
Make Diffen Smarter.

Log in to edit comparisons or create new comparisons in your area of expertise!

Sign up »
Top 5 Comparisons

Comments: GET (HTTP) vs POST (HTTP)

Comments via Facebook

Anonymous comments (9)

February 6, 2013, 8:43am

The file size limitation for POST is just limited by the server configuration. But it's good to know the authors server is configured to accept a maximum of 8MB ;-)

— 82.✗.✗.65
3

September 4, 2013, 4:04am

Awesome article :)

— 203.✗.✗.21
2

June 3, 2013, 3:19am

very very nice document!! much Appreciate !!!!

— 71.✗.✗.199
1

March 4, 2012, 9:36pm

what i'm seeing from your above compression, it means POST seems better than GET for all of the criterias.
My question is :- why we need to use GET? if POST is better!!!

— 94.✗.✗.185
1

December 5, 2012, 10:16pm

Regarding BACK button/re-submit behaviour, GET requests should be idempotent, meaning that submitted the exact same information many times doesn't change anything. Even though you COULD use a GET to add a comment to a page, it would break this rule and therefore you would always use POST.

— 76.✗.✗.151
-1

September 4, 2012, 10:41am

Incorrect. In plain AJAX you can send all your data using POST method through XMLHTTPRequest.send(params). Probably you use wrong framework.

— 78.✗.✗.45
-1

August 22, 2012, 11:59am

In Ajax, data goes on url, that means, ajax uses get method. So, we can not avoid get method.

— 119.✗.✗.14
-1

February 7, 2012, 5:47pm

Very helpful. Thanks :)

— 205.✗.✗.17
-1

February 26, 2011, 9:34am

The difference is that GET sends data open and POST hidden (in the http-header).

So get is better for non-secure data, like query strings in Google. Auth-data shall never be send via GET - so use POST here. Of course the whole theme is a little more complicated... who wants to read more, try this: http://bit.ly/gXpgzY

I hope that helped a little.

— 141.✗.✗.102
-1

share

Up next

Java vs. JavaScript