Is there anything not good using POST instead of G

2019-06-10 00:31发布

问题:

I know the difference between POST and GET, however if I used POST instead of GET, anything not good besides not up to W3C standards? Anything inefficiency, insecurity or anything else?

回答1:

See the answer from deceze:

POST requests can't be bookmarked.

In all the interviews I've done, all the teaching I've done, this is the best place to start. There's a lot more, but start with this.

Ignore anything anyone says about security. A good hacker can change POST to GET easily.

If you get this far, know that POST changes data (adds a membership, or charges a credit card), whereas GET only fetches data (searches for red shirts). The makers of browsers make their browsers behave differently for the results of POST vs GET. The results of POST have side effects that you may not want to repeat (such as adding another membership or double charging a credit card).

If you understand THIS, then read about the POST-Redirect-GET pattern, and understand it well. (Then know that GET has a URL length limit, and that you may need to resort to POST in this case.)



回答2:

Never use POST requests for normal view-only pages. POST requests can't be bookmarked, send in an email or otherwise be reused. They screw up proper navigation using the browsers back/forward buttons. Only ever use them for sending data to the server in one unique operation and (usually) have the server answer with a redirect.

Other than that, they're not more or less efficient or secure than GET requests, they're just for a different purpose.



标签: http post get