Reputation: 29219
Is there any difference between parameters in a URL and <form method="get">?
Now, I know a difference between parameters in a URL and a POST parameter: some browsers may misbehave if the URL is too long, so it is not a good idea to stuff hundreds of parameters in a URL, even if your app can respond to a GET request.
For the sake of discussion, let's suppose the following web application: a user can input a series of (possibly hundreds of) X,Y coordinates. The server plots them in a chart, which is returned as an image.
This is clearly an example of an idempotent operation, so, according to the HTTP spec, it is recommended to be implemented as a GET operation. However, you can't build a URL with all the parameters, as it will be too long. Can a <form method="get"> handle that much parameters ?
I've also heard that <form method="get"> is completely equivalent to placing parameters in a URL ? Now, is that true for some browsers or for the whole HTTP protocol ? Is there a maximum length to a request?
Upvotes: 7
Views: 4725
Answers (8)
Reputation: 4477
The HTTP specification does not explcitely require to place parameters of a GET request into the URI. It would be legal to send a message-body in a GET request like forms using POST do.
However, browsers implement GET forms this way for a very good reason: Caching. GET requests are expected to be processed on the server without side-effects. So responses to GET requests might be cached. This perfomance improvement option is instantly lost if you would start using message-bodies on GET requests.
If you plan to design a chart API, you may want to have a look at Google. They already offer a very good one to the public. Even if it's only for learning how to pack as many information into URI params as possible, it's worth a look.
Upvotes: 3
Reputation: 269687
No, a server cannot see a difference between putting parameters in a URL and using a FORM with a GET method. So, if a given URL with parameters would be too long, using a FORM with a GET method won't help.
POST or GET should be chosen mainly for their semantics. GET is for "safe" actions. That is, users should not be held accountable for an operation performed by a GET request. The POST method is used for operations for which the user is to be held responsible.
It's very frustrating, for example, when a search feature uses POST. A user doesn't expect a simple query to alter any important system state—they expect searching to be a "safe" operation.
On the other hand, many vulnerabilities exist because unsafe operations are accessible through GET requests, as well as POST. This contributes to vulnerabilities like XSRF where an attacker simply needs to get a malicious "src" URL into an IMG tag on a legitimate site.
For your use case, Ajax may actually be an appropriate solution. You could make a GET request for each point selected, storing them in a session at the server. When the user is finished entering points, a final GET request retrieves the finished product.
Upvotes: 2
Reputation: 22310
The HTTP spec does not set limitations, but the browsers and servers do. See here for specifics.
The browser will create a long URL if the method is set to GET for a form, so the above limitations apply.
Upvotes: 7
Reputation: 36702
I've also heard that <form method="get"> is completely equivalent to placing parameters in a URL ?
That's true, here is the corresponding RFC section
Is there a maximum length to a request ?
The spec says "The HTTP protocol does not place any a priori limit on the length of a URI."
However internet explorer 6 has a limit of 2,083 characters. Other browsers allow more characters but if you go that route you will basically have to design for ie6
Upvotes: 0
Reputation: 11362
This isn't an answer to your question about get and post but in a situation like you are describing it is quite often easier to store the more complex data on the server and associate it with a session id or a user account rather than putting it into the URL every time. Then you can use just the identifier for that session in a cookie or as a url parameter to retrieve the image.
That can also help you to cache the requested images so you don't have to go through the work of regenerating them every time a user wants to look at a particular chart again.
Upvotes: 0
Reputation: 14642
GET and url ?name=value&... are the same thing, as the browser merely converts a GET form to a URL before sending the request.
The maximum length of the URL is determined at the browser and server level so, for a given browser/server, it's the smaller of the two.
This post has a good list of current max lengths for URLS
Upvotes: 1
Reputation: 4297
form method=get WILL put all the form's input into the URL.
It's true that browsers have a maximum length for the URL. It changes from browsers to browsers, and surely from Browsers version to browsers version.
If you can, I would recommend you to use POST for your form.
HTH
Upvotes: 1
Reputation: 66122
What your browser actually does is build a really long url from the form inputs. Therefore there will be no difference between a URL and form Method="GET". Either one will result in the same URL being loaded.
Upvotes: 2
Related Questions
- What is the difference between URL parameters and query strings?
- Http maximum GET/POST query parameters supported
- What is the limit on QueryString / GET / URL parameters
- Is always necessary show GET parameters in the URL?
- Is the method used in HTML form (GET) different from HTTP GET?
- Magento getParam v $_GET
- Values in the url is get or post?
- post vs get for URL params?
- Max size of URL parameters in _GET
- URL and http get parameters