How should I choose between GET and POST methods in HTML forms?

I wish to know all the pros and cons about using these two methods. In particular the implications on web security.

Thanks.


Solution 1:

To choose between them I use this simple rule:

GET for reads. (reading data and displaying it)

POST for anything that writes (i.e updating a database table, deleting an entry, etc.)

The other consideration is that GET is subjected to the maximum URI length and of course can't handle file uploads.

This page has a good summary.

Solution 2:

Both GET and POST have their place. You should not rely on any of them for security.

GET requests

  • are easily cachable
  • are easily bookmarkable
  • are subject to URI length limitation
  • may show parameters in access logs

POST requests

  • allows file uploading
  • allows large data
  • does not show parameters in browser address bar

Do you want the result of the form submission to be bookmarkable (think Google search)? Use GET.

Would you like the result of the form submission to be cachable? Use GET.

Are your requests not idempotent (safely repeatable)? Use POST and then always redirect to a page that is suitable to get via HTTP GET.

Do you need file uploads? Use POST.