HTML and CSS Reference
In-Depth Information
<form method=GET
action="http://www.kumquat.com/cgi-bin/update">
...
</form>
9.2.4.1. POST or GET?
Which one should you use if your forms-processing server supports both
the POST and GET methods? Here are some rules of thumb:
•
For best form-transmission performance, send small forms with a
few short fields via the GET method.
•
Because some server operating systems limit the number and
length of command-line arguments that can be passed to an ap-
plication at once, use the POST method to send forms that have
many fields or that have long text fields.
•
If you are inexperienced in writing server-side forms-processing
applications, choose GET. The extra steps involved in reading and
decoding POST-style transmitted parameters, while not too diffi-
cult, may be more than you are willing to tackle.
•
If security is an issue, choose POST. GET places the form para-
meters directly in the application URL, where they easily can be
captured by network sniffers or extracted from a server logfile.
If the parameters contain sensitive information like credit card
numbers, you may be compromising your users without their
knowledge. While POST applications are not without their security
holes, they can at least take advantage of encryption when trans-
mitting the parameters as a separate transaction with the server.
•
If you want to invoke the server-side application outside the
realm of a form, including passing it parameters, use GET, be-
cause it lets you include form-like parameters as part of a URL.
POST-style applications, on the other hand, expect an extra
