The difference between the two data transmission methods of method=post/get in the Form form_HTML/Xhtml_Web page production

Form provides two methods of data transmission - get and post. Although they are both ways of submitting data, they are very different in actual transmission and may have a serious impact on the data. Although the Web container has shielded some differences between the two in order to conveniently obtain variable values, understanding the differences between the two will also be helpful in future programming.

The get and post methods in Form correspond to the GET and POST methods in the HTTP protocol respectively during the data transmission process. The main differences between the two are as follows:

1. Get is used to obtain data from the server, while Post is used to transfer data to the server.

2. Get adds the data in the form to the URL pointed to by the action in the form of variable=value, and the two are connected using "?", and each variable is connected using "&"; Post puts the data in the form into the data body of the form, and passes it to the URL pointed to by the action in a manner corresponding to variables and values.

3. Get is unsafe because during the transmission process, the data is placed in the requested URL, and many existing servers, proxy servers or user agents will record the request URL in log files. , and then put it somewhere so that some private information may be seen by a third party. In addition, users can also see the submitted data directly on the browser, and some internal system messages will be displayed in front of the user. All Post operations are invisible to users.

4. The amount of data transferred by Get is small, mainly because it is limited by the URL length; while Post can transfer a large amount of data, so only Post can be used to upload files (of course there is another reason, which will be discussed later) mentioned).

5. Get restricts the value of the data set in the Form form to be ASCII characters; while Post supports the entire ISO10646 character set.

6. Get is the default method of Form.

The data transmitted using Post can be correctly converted into Chinese by setting the encoding; while the data transmitted by Get has not changed. We must pay attention to this in future procedures.

_______________________________________________________________________________________________

1. The Get method passes the user's data through the URL request, connects the names of each field in the form and its content as a pair of strings, and places them in the program pointed to by the action attribute. After entering the URL, such as http://www.mdm.com/test.asp?name=asd&password=sad, the data will be displayed directly on the URL, just like the user clicks a link; the Post method uses the HTTP post mechanism to convert the form The name of each field and its content are placed in the HTML header (header) and are sent to the server for processing by the program pointed to by the action attribute. The program will read the form data through the standard input (stdin) method and add it to the server. Processing

2. The Get method requires using Request.QueryString to obtain the value of the variable; while the Post method uses Request.Form to access the submitted content

3. The amount of data transmitted by the Get method is very small , generally limited to about 2 KB, but the execution efficiency is better than the Post method; the amount of data transferred by the Post method is relatively large, it is waiting for the server to read the data, but there is also a byte limit, this is to avoid using the server A large amount of data is used to conduct malicious attacks. According to Microsoft, Microsoft has a limit on the maximum data that can be received using Request.Form(). It is 80 KB bytes in IIS 4 and 100 KB bytes in IIS 5

Suggestion: Unless you are sure that the data you submit can be submitted at once, please try to use the Post method

4. Submitting data through the Get method will cause security issues, such as a login page, submitting data through the Get method , the username and password will appear on the URL. If the page can be cached or others can access the customer's machine, the user's account and password can be obtained from the history record, so it is recommended to use the Post method for form submission; the Post method is submitted A common problem with the form page is that when the page is refreshed, a dialog box will pop up

Recommendation: For security reasons, it is recommended to use Post to submit data