I am developing REST WCF service and As theoretically i know when to opt for what purpose.
GET
to get the resourcePUT
to updatePOST
to InsertDELETE
to delete
But what is the disadvantage if we don't follow this above rule, suppose to insert a record i used GET
method?
I faced a situation i should have used the PUT instead of GET. I had a permission insertion call going to a third party( this was google). I spin a Ajax GET request for update permission call to my Servlet and from their the call went to external service. The external service took considerable amount of time to finish the request. In the mean time I was seeing duplication of same permission call in my server logs. It was browser which keep on calling the server saying are you done? since it is a GET and browser can call the server as many times as possible. Browser followed the standard and my code did not. I had the issue for not following standard.
Because the HTTP GET method is specified as idempotent, a GET request, by specification, can be resubmitted with the assumption that it will not change anything on the server. This is not the case for a HTTP POST which by specification can change the status of the application running on the server.
So, by specification, one can perform an HTTP GET against a page N number of times without worrying of being changing its status.
Not respecting the specification may have various undesired results. For example, Web crawlers follow through GET request to index a site, but not POST. If you allowed an HTTP GET request to make changes to the database, you can easily understand the undesired implication it can have.
Respecting a specification is like respecting an agreement between your service or website and an array of different consumers which can be normal users' browsers but also other services like web crawlers.
You could build a site that uses a GET to insert a record, but you should also expect that whatever is built around to consume your site is functioning with the assumption that you are respecting the agreement.
As a last example, web browsers warn users when they try to refresh a page that was reached by a HTTP POST request warning that some data might be resubmitted. You do not get that layer of protection built-in browsers if the page is reached by a HTTP GET request.
You can read more here: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
Search engines access your pages using GET requests, so if you did this, google's crawler might insert records that you didn't want.
Often, people will use POST for any kind of ajax request, with the actual action in the request's body. There's nothing very wrong with this, but the feature is there for you to use, so you might as well use it.