Solving The GET and POST Dilemma

Solving The GET and POST Dilemma

solving get and post dilemma

Weather you should use GET or POST, the debate is endless. Each one has its own preference. So, what is the need of another article on it? Because, weather it’s POST or GET, you can achieve the same results from both. So, in this article I’ll put more emphasis on WHY use one over other, instead of WHERE to use one over other. I’ll keep this article in format interview discussion, so that things can be relatable.

Interviewer:- What are GET and POST requests?

Candidate: GET is used for viewing something, without changing it. E.g. You will make a get request for retrieving a list of books.

POST is used for changing something. You will make a post request for creating a record for new book.

Interviewer:- Any other differences?

Candidate: GET includes all the required data in the URL. And since the data is in URL, it has a certain limit, means you are restricted to put large objects in request parameters.

  • since it is only used for retrieving the data, you should be able to request the same URL over and over without any harm.
  • get request is by default cached by browsers.
  • a history is maintained, any request you made remains in the browser history even after months.
  • being in URL, you can bookmark a particular request in browser
  • request parameters are visible to anyone.

POST is for writing data, submits data to be processed (e.g. from an HTML form) to the identified resource. This may result in the creation of a new resource or the update of existing resource or both.

  • with post you can use payload.
  • browsers understand post behavior and typically give you warnings before reload a page that the data will be resubmitted.
  • request parameters are hidden from the URL so its recommended for passing sensitive data.
  • request doesn’t cached by browsers,
  • no history maintained therefore leaving no trace and hence safe.

Interviewer: Fair enough. But parameters can also be seen in POST with a little bit of hack. Also, no one is stopping me to create a record with GET request. Its just a matter of what I have written on server side. So tell me, what makes my mind to use POST instead of GET?

Candidate: Ummmm, you are right. You can create records with GET also. But let me describe some limitations here.

  • GET requests have encoding type application/x-www-form-urlencoded while POST has multipart/form-data or application/x-www-form-urlencoded. Which means POST is allowed to put binary data in request which is essential for file uploads. GET doesn’t offer this feature
  • Since the browsers understand the behavior between these two requests, they won’t bother sending multiple GET requests. Also you will receive necessary suggestions if you follow the standards i.e. POST request in this case. There are huge chances to miss those suggestions when using GET to create record and you will be ending with a mess in database if not proper server side validations provided.
  • In security point of view. A POST can be sniffed just as easily as a GET. that’s why POST doesn’t do anything much better except the case of screen watching.
  • These two basically have semantic meaning: GET is used to retrieve a resource and POST is used to modify it. The semantics are why you notice the implementation differences in your web browser – since POST allegedly modifies data, a browser should warn before resubmitting a POST request/command. The long you adhere to semantics, the less pain team members will face while maintaining the same code.

Interviewer: That’s pretty much to hear. Welcome onboard you are selected. 🙂

One Reply to “Solving The GET and POST Dilemma”

Leave a Reply