HTTP Methods- GET VS POST

HTTP (Hypertext Transfer Protocol) was created to provide communication between clients and the server. It operates on a request-response model.

There are two basic HTTP methods: GET and POST.

GET Method

The GET method requests data from a specified source. GET requests can be cached and remain in the browser history. They can also be bookmarked.

It should never be used for sensitive data. GET requests have length restrictions, and they should be used only to get data.

Danger

The query strings (name/value pairs) are sent in the GET request's URL.

Example of an input type text with a get method

<!DOCTYPE html>
<html>
  <head>
    <title>Title of the document</title>
  </head>
  <body>
    <form action="/form/submit" method="get">
      First name:
      <input type="text" name="username" placeholder="Your name" />
      <br />
      <br />
      <input type="submit" value="Submit" />
    </form>
  </body>
</html>

Try it Yourself »

POST Method

The POST method submits data to be processed to a specified source. As opposed to the GET method, POST requests are never cached, do not remain in the browser history, and cannot be bookmarked. Moreover, POST requests are not subject to URL length restrictions, though servers typically enforce their own body size limits.

Danger

The query strings (name/value pairs) are sent in the POST request's HTTP message body.

Example of a form with the "post" method

<!DOCTYPE html>
<html>
  <head>
    <title>Title of the document</title>
  </head>
  <body>
    <form action="/form/submit" method="post">
      First name:
      <input type="text" name="username" placeholder="Your name" />
      <br /><br />
      <input type="submit" value="Submit" />
    </form>
  </body>
</html>

Try it Yourself »

Comparison of GET and POST Methods

Feature	GET	POST
Back button/Reload	Harmless	Reloading the page will resubmit the form data. The browser must warn that the data will be re-submitted in this case.
Can be Bookmarked	Yes	No
Can be cached	Yes	No
Encoding Type	application/x-www-form-urlencoded	application/x-www-form-urlencoded or multipart/form-data
History	Remains in browser history.	Doesn't remain in browser history.
Data Length Restrictions	While sending data, GET method adds the data to the URL. The URL length is limited (maximum URL length is 2048 characters).	Doesn't have URL length restrictions, though servers typically enforce body size limits.
Data Type Restriction	Primarily ASCII characters, though UTF-8 is supported via percent-encoding.	Doesn't have restrictions. Binary data is also allowed.
Security	Less secure than POST, as the data sent is part of the URL.	POST is more secure than GET, as data is not visible in the URL or browser history. However, both transmit data in plaintext over HTTP and require HTTPS for actual security.
Visibility	Data is visible to everyone in the URL.	Doesn't show data in the URL.

Note HTML forms natively only support GET and POST methods. To use PUT, PATCH, or DELETE with forms, you typically need JavaScript or backend routing to simulate these methods.

Other HTTP Request Methods

Besides GET and POST methods, there are some other methods. See them below:

Method	Description
HEAD	It is the same as the GET method, but returns only HTTP headers, not the document body.
OPTIONS	It returns HTTP methods that are supported by the server.
CONNECT	It converts the request connection to a transparent TCP/IP tunnel.

Put Method

The PUT method is mostly used for update operations. In other words, with this method, we put a target resource URL with the request body, which contains the representation of the original resource that has been recently updated. This method can also be used for generating a resource when the resource ID chooses the client, not the server.

Take into account that PUT isn’t considered a safe method because it can create or change state on the server, but it is idempotent. This means that if you create or modify the resource with this method and then make the same call for the second time, the resource will still be there with the same state as it did with the first one.

The example below requests the server to save the given entity-body in method.py at the root of the server:

HTTP Methods - Put Method example

PUT /method.py HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.w3docs.com
Accept-Language: en-us
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 160

After storing the given entity-body in the file, the server will send the following response:

HTTP Methods - Put Method example2

HTTP/1.1 201 Created
Date: Tue, 13 Dec 2019 14:53:57 GMT
Server: Apache/2.2.14 (Win32)
Content-Type: text/html
Content-length: 40
Connection: Closed

Patch Method

The PATCH method is mostly used for modification operations. It doesn’t need the whole resource. It only needs to contain the changes to the resource. This method is neither idempotent nor safe. Collisions between two PATCH requests can be very dangerous, as some patch formats need an operation from a shared base-point; otherwise, the resource will be corrupted.

Delete Method

As you can guess, this method is used to delete a resource that is identified by a URL. This method is idempotent, too. When deleting a resource, it is removed. Calling DELETE multiple times yields the same result—the resource remains removed.

The example below requests the server to delete the method.py file, at the root of the server:

Delete Method Request

DELETE /method.py HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.w3docs.com
Accept-Language: en-us
Connection: Keep-Alive

After deleting the file, the server will send the following response:

Delete Method Response

HTTP/1.1 200 OK
Date: Tue, 13 Dec 2019 14:53:57 GMT
Server: Apache/2.2.14 (Win32)
Content-Type: text/html
Content-length: 20
Connection: Closed