$_GET[] vs. $_POST[]

**Wired** · Nov 09th, 2003, 02:37 PM

Just want to make sure I've got this right:

$_GET[] should be used in a form when you don't mind the variables to be seen in the URL. $_POST[] should be used when you do mind, or when it's a hidden variable.

Comments?

**Web Design Forums** · Nov 09th, 2003 02:37 PM

**drews** · Nov 09th, 2003, 02:52 PM

Right. Also if you have sensitive data (passwords, credit card numers, etc), it's better to send by POST.

**ajaspers** · Nov 09th, 2003, 06:33 PM

Credit card numbers should be sent over SSL.

**filburt1** · Nov 09th, 2003, 06:56 PM

$_POST is generally used when:

1. There is a lot of information
2. The information is likely to change or be generated directly as a result of the data
3. You don't want it in the URL (very annoying at times, though, such as with UPS's tracking site where you can't bookmark the exact page)

Usually you use POST when submitting a form, GET for URLs.

**Wired** · Nov 09th, 2003, 07:13 PM

But can't you pass the results of a form to a URL? I'm working on a huge DB site, and pretty much all of the results of a form will result in various UIDs from the DB.

**filburt1** · Nov 09th, 2003, 07:54 PM

Yes you can.

I like to think of it this way: if the URL generated by a GET is longer than the address box, then use POST instead. Nobody likes URLs that are a page long.

**smoseley** · Nov 10th, 2003, 09:54 AM

<form action="get"> sends the parameters in querystring
<form action="post"> sends the parameters in http header

An important thing to remember when using GET is that you may have problems with escape characters in text values and you have a limited length in parameters (256 characters or so?). A post can pass significantly longer values (something like 65k characters), which makes it ideal for textarea inputs corresponding to text fields in your database.

Personally, I only use GETs when I'm sending parameters via an anchor element, since it doesn't support POSTs.

**filburt1** · Nov 10th, 2003, 09:56 AM

POST can actually send a ridiculous amount of data for just a header...upwards of several hundred KB. Think about sites like this were attachments and such are posted by the browser (kind of overloading the simple intentions of HTTP, but whatever).

**smoseley** · Nov 10th, 2003, 10:05 AM

Originally posted by filburt1
POST can actually send a ridiculous amount of data for just a header...upwards of several hundred KB. Think about sites like this were attachments and such are posted by the browser (kind of overloading the simple intentions of HTTP, but whatever).

Doesn't this site se multipart-mime content for uploading image content? That would allow MB of data to be uploaded.

**filburt1** · Nov 10th, 2003, 10:37 AM

Yes:

I still say HTTP wasn't designed for this just as HTML is not designed to do what it used for today, but each to his own.

Thread: $_GET[] vs. $_POST[]

LinkBack

Thread Tools

Search Thread

Display

Remove Ads

Posting Permissions