This article introduces different methods to interact with the server. There are 4 most basic methods, namely Get, Post, Put, Delete. The full name of the URL is the resource descriptor. We can think so: a URL address, which is used to describe resources on a network, and the GET, Post, PUT, Delete in HTTP corresponds to the investigation, change, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, increase, adding, increasing, Delete 4 operations. At this point, everyone should have a general understanding. Get is generally used to obtain/query resource information, and posts are generally used to update resource information.
1. According to the HTTP specification, GET is used for information acquisition, and it should be safe and power.
(1). The so -called security means that the operation is used to obtain information instead of modified information. In other words, GET requests generally should not produce side effects. That is to say, it is just obtaining resource information, just like database queries, it will not modify, increase data, and will not affect the status of resources.
* Note: The meaning of security here only refers to the non -modified information.
(2). Power, etc. means that multiple requests for the same URL should return the same result. Here I will explain the concept of Mi Wait:
Idempotent and Idempotnce are a mathematical or computer concept, commonly in abstract algebra.
Wait for a few definitions:
For monocular operations, if an operation is the same for the result of the calculation of the operation of the operation and the result of the calculation of the operation, then the result of the operation is the same as the result of the operation. For example, the absolute value operation is an example. In the concentration of real numbers, there are ABS (a) = ABS (ABS (A)).
For binocular operations, if the two values of the participating operations are equal, if the calculation results are equal to the two values of the participating operations, the power of the operation is called Function, there is a concentrated power in the real number, that is, max (x, x) = x.
After reading the above explanation, you should understand the meaning of get power.
But in practical applications, the above two provisions are not so strict. Example of quoting other people's articles: For example, the front page of the news site is constantly updated. Although the second request will return different batch of news, the operation is still considered to be safe and power, because it always returns the current news. Fundamentally, if the goal is that when the user opens a link, he can be sure that he can not change the resources from his own perspective.
2. According to the HTTP specification, POST indicates that the request to change the resources on the server may modify the resource on the server. Continue to quote the above example: still take the news as an example. The reader's comment on the news should be implemented through the POST, because the resources of the site after the comments are different, or the resources have been modified.
Above the above talk about some principles of GET and POST in the HTTP specification. However, in actual doing, many people have not done it in accordance with the HTTP specifications. There are many reasons for this problem, for example::
1. Many people are greedy and convenient. When you update resources, you will use get, because you must go to Form with POST, which will be more troublesome.
2. For the increase, delete, change, check operation, you can actually complete it through get/post without using PUT and Delete.
3. The other is that the early Web MVC framework designers did not consciously treat URL as abstract resources, so a more serious problem is that the traditional Web MVC framework basically only supports GET and POST two HTTP methods are not supported by Put and Delete.
* Simply explain the MVC: MVC originally existed in the desktop program. M is a data model, V refers to the user interface, and C is the controller. The purpose of using MVC is to separate the implementation code of M and V, so that the same program can use different expression forms.
The above 3 points describe the old set of styles (without strict compliance with HTTP specifications). With the development of architecture, the REST (Repositional State Transfer) appears. "Restful Web Services".
After talking about the original reason, we look at the difference between get and post from the surface image:
1. The data requested by theget request will be attached to the URL (that is, place the data in the HTTP protocol header) to divide the URL and transmit data, and the parameters are connected, such as: login.action? Name = hyddd & password = Idontknow & Verify =%E4%BD%A0%E5%A5%BD. If the data is English letters/numbers, the original sending, if it is a space, convert it to+, if it is Chinese/other characters, directly encrypt the string with base64 to obtain it BD, of which XX in % XX is an ASCII represented by hexadecimal.
POST puts the submitted data in the HTTP package.
2. The data submitted byGET can only be 1024 bytes. In theory, there is no limit to POST. It can be passed on a large amount of data. The maximum of 80kb in IIS4 and 100kb in IIS5? Intersection Intersection
The above sentence was transferred from other articles. In fact, this is wrong, and inaccurate:
(1). The first is that the data submitted by the GET method can only be 1024 bytes, because GET is submitted by the URL, then the amount of data that GET can submit is directly related to the length of URL. In fact, the URL does not have the problem of the upper limit of the parameter, and the HTTP protocol specification does not limit the URL length. This limit is a specific browser and server restrictions on it. IE's limit on URL is 2083 bytes (2K+35). For other browsers, such as NetScape, Firefox, etc., there is no long -term limitation, and its restriction depends on the support of the operating system.
Note that this is limited to the entire URL length, not just your parameter value data length. [See Reference Data 5]
(2). In theory, POST has no size limit, and the HTTP protocol specification does not have a size limit. It is said that the size limit of 80K/100K is inaccurate. It is the processing ability of the server's processing program.
For ASP programs, the Request object has a data length limit of 100K when processing each domain. But if you use Request.binaryRead, there is no limit.
From this extension, Microsoft has increased restrictions on IIS 6.0 for security reasons. We still need to pay attention:
1). IIS 6.0 default ASP POST data volume is 200KB, and the domain limit per form is 100KB.
2). IIS 6.0 The maximum size of the file uploading file is 4MB.
3). IIIS 6.0 The largest request header is 16KB.
IIS 6.0 did not have these restrictions before. [See Reference Data 5]
So the above 80K, 100K may be just the default value (Note: I have not confirmed the parameters of IIS4 and IIS5), but it must be set by myself. Since the default values of these parameters of each version of the IIS are different, please refer to the relevant IIS configuration document.
3. In ASP, the server obtain the GET request parameter with request.querystring, and obtain the post request parameter with request.form. In JSP, use the request.getparameter (/xxxx/) to get it. Although there is a Request.GetQueryString () method in the jsp, it is more troublesome to use, such as: pass a test.jsp? Name = hyddd & password = Hyddd, use Request. GetQueryString () gets: name = hydddd & password = hyddd. In PHP, you can use $ _Get and $ _post to obtain data in get and posts, while $ _Request can obtain data in two requests of Get and Post. It is worth noting that there will be hidden dangers to use $ _Request in JSP in JSP and PHP. The next time I will write an article to summarize.
4. POST's security is higher than the security of GET. Note: The safety mentioned here is not the same concept as the security mentioned above. The meaning of the above security is just not to modify the data, and the meaning of security here is the meaning of the real Security. For example, if the data is submitted through Get, the user name and password will appear on the URL, because (1) the login page may be being browser. Caches, (2) Others look at the historical record of the browser, then others can get your account number and password. In addition, using GET to submit data may also cause Cross-Site Request Forgery attack.
To sum up, GET is a request to send data to the server, and POST is a request to submit data to the server. In Form (form), METHOD defaults to get. In essence It's not a hair!