The differences between GET and POST are
Through Get we can send only limited data ,maximum 1 KB.
Bookmarking is possible as we the parameters are appended to the URL.
Less secure as parameters are visible in URL.
Sends unlimited data.
Bookmarking is not possible.
go throgh the below link for more explanation
Fundamental Difference is probably the Visibility - GET request is sent via the URL string (appended to the URI with a question-mark as separator), which is visible whereas POST request is encapsulated in the body of the HTTP request and can't be seen.
Length - Since, GET request goes via URL, so it has a limitation for its length. It can't be more than 255 characters long (though this is browser dependent, but usually the max is 255 characters only). Whereas no such maximum length limitation holds for the POST request for the obvious reason that it becomes a part of the body of the HTTP request and there is no size limitation for the body of an HTTP request/response.
Performance - GET request is comparatively faster as it's relatively simpler to create a GET request and the time spent in the encapsulation of the POST request in the HTTP body is saved in this case. In addition, the maximum length restriction facilitates better optimization of GET implementation.
Type of Data - GET request is sent via URL string and as we all know that URL can be text-only, so GET can carry only text data whereas POST has no such restriction and it can carry both text as well as binary data.
Caching/Bookmarking - again for the obvious reason that a GET request is nothing but an URL hence it can be cached as well as Bookmarked. No such luxuries with a POST request.
FORM Default - GET is the default method of the HTML FORM element. To submit a FORM using POST method, we need to specify the method attribute and give it the value "POST".
Data Set - GET requests are restricted to use ASCII characters only whereas POST requests can use the 'enctype' attribute with a value "multipart/form-data" to use the Universal Multiple-Octet Coded Character Set (UCS).
Gangadhara Rao Duvvarapu wrote:Performance - GET request is comparatively faster as it's relatively simpler to create a GET request and the time spent in the encapsulation of the POST request in the HTTP body is saved in this case. In addition, the maximum length restriction facilitates better optimization of GET implementation.
I sincerely doubt that one could come up with a scenario where performance makes enough of a difference to trump other considerations (or even makes a measurable difference to begin with).
keerthi vineela wrote:
This is a common myth. A POST is no more secure than a GET. SImply because the parameters are not available on the URL does not make them in any way more secure than the parameters that are exposed.
The myth of security is not why on should choose a POST over a GET. HTTP defined how these methods should be used. In a nutshell, a GET is used to fetch an idempotent resources, whils a POST can cause a non-ideomtpotent changes to the server.
Bear Bibeault wrote:A POST is no more secure than a GET.
Well... that depends on what "secure" means in this context. POST parameters are recorded in fewer places than GET parameters - which can end up being stored in browser histories, web server access logs, HTTP caches etc. In that sense POST data is more secure. With respect to being observed in traffic, there is no difference.
Bear Bibeault wrote:The lack of recording affords so little added security that it's barely a blip.
That depends on what kinds of attacks are anticipated. Saying that something is "secure" is generally only meaningful with respect to particular attacks. Sometimes it's the common attacks one wants to guard against, sometimes the not so common ones.
When people say "secured" they usually mean against all known types of attack. So saying "a POST is secured" is a falsehood. It is vulnerable to the most common types of attacks used.