Form provides two ways to transfer data - get and post. Although they are both ways of submitting data, they are indeed very different when actually transmitted and may have serious impacts on the data. Although the web container has blocked some differences between the two in order to facilitate the acquisition of variable values, it will be helpful to understand the differences between the two in the future programming.
The get and post methods in Form correspond to the GET and POST methods in the HTTP protocol respectively during data transmission. The main differences between the two are as follows:
1. Get is used to obtain data from the server, while Post is used to pass data to the server.
2. Get adds the data in the form to the URL pointed to by the action in the form of variable=value, and uses a ? connection between the two, while the & connection between each variable; Post is to place the data in the form in the data body, and pass it to the URL pointed to by the action in the way the variable and value corresponds to the value.
3. Get is not safe because during the transmission process, data is placed in the requested URL. Nowadays, many existing servers, proxy servers or user agents will record the requested URL into the log file and then place it somewhere, so that some privacy information may be seen by third parties. In addition, users can also directly see the submitted data on the browser, and some internal system messages will be displayed in front of the user. All operations of Post are invisible to the user.
4. The amount of data transmitted by Get is small, which is mainly due to the limitation of URL length; and Post can transfer a large amount of data, so you can only use Post when uploading files (of course there is another reason, which will be mentioned later).
5. Get restricts the value of the data set of Form forms to be ASCII characters; while Post supports the entire ISO10646 character set.
6. Get is the default method of Form.
Using Post to transmit data, Chinese can be converted correctly by setting encoding; however, the data transmitted by Get has not changed. In future programs, we must pay attention to this point.
_________________________________________________________________________________________________
1. The Get method passes user data through URL requests, and connects the fields in the form with its contents in pairs, and places them in the url of the program referred to by the action attribute. For example, http://www.mdm.com/test.asp?name=asd&password=sad, the data will be displayed directly on the url, just like the user clicks on a link. The Post method uses the HTTP post mechanism to place the fields in the form and their contents in the HTML table header and passes them to the server side for processing by the program referred to by the action attribute. The program will read out the data of the form and process it through standard input (stdin).
2. The Get method requires the use of Request.QueryString to obtain the value of the variable; and the Post method uses Request.Form to access the submitted content.
3. The amount of data transmitted by Get is very small, generally limited to about 2 KB, but the execution efficiency is better than the Post method; while the amount of data transmitted by Post method is relatively large, it is waiting for the server to read data, but there are also byte limits. This is to avoid malicious attacks on the server with a large amount of data. According to Microsoft, Microsoft has a limit on the maximum data that can be received with Request.Form(), 80 KB bytes in IIS 4 and 100 KB bytes in IIS 5.
Suggestion: Unless you are sure that the data you submitted can be submitted in one go, please try to use the Post method
4. Submitting data by Get will bring security problems. For example, when a login page submits data through Get, the user name and password will appear on the URL. If the page can be cached or others can access the customer's machine, you can obtain the user's account and password from the history. Therefore, it is recommended to use the Post method for form submission; a common problem with the form page submitted by Post method is that if the page is refreshed, a dialog box will pop up.
Recommendation : For security reasons, it is recommended to submit data using Post