HTTP协议中的GET和POST
HTTP协议中GET方法和POST方法是有所不同的,RFC1945中的英文原文如下:
8.1 GET
The GET method means retrieve whatever information (in the form of an
entity) is identified by the Request-URI. If the Request-URI refers
to a data-producing process, it is the produced data which shall be
returned as the entity in the response and not the source text of the
process, unless that text happens to be the output of the process.The semantics of the GET method changes to a "conditional GET" if the
request message includes an If-Modified-Since header field. A
conditional GET method requests that the identified resource be
transferred only if it has been modified since the date given by the
If-Modified-Since header, as described in Section 10.9. The
conditional GET method is intended to reduce network usage by
allowing cached entities to be refreshed without requiring multiple
requests or transferring unnecessary data.
8.3 POSTThe POST method is used to request that the destination server accept
the entity enclosed in the request as a new subordinate of the
resource identified by the Request-URI in the Request-Line. POST is
designed to allow a uniform method to cover the following functions:o Annotation of existing resources;
o Posting a message to a bulletin board, newsgroup, mailing list,
or similar group of articles;o Providing a block of data, such as the result of submitting a
form [3], to a data-handling process;o Extending a database through an append operation.
The actual function performed by the POST method is determined by the
server and is usually dependent on the Request-URI. The posted entity
is subordinate to that URI in the same way that a file is subordinate
to a directory containing it, a news article is subordinate to a
newsgroup to which it is posted, or a record is subordinate to a
database.A successful POST does not require that the entity be created as a
resource on the origin server or made accessible for future
reference. That is, the action performed by the POST method might not
result in a resource that can be identified by a URI. In this case,
either 200 (ok) or 204 (no content) is the appropriate response
status, depending on whether or not the response includes an entity
that describes the result.If a resource has been created on the origin server, the response
should be 201 (created) and contain an entity (preferably of type
"text/html") which describes the status of the request and refers to
the new resource.A valid Content-Length is required on all HTTP/1.0 POST requests. An
HTTP/1.0 server should respond with a 400 (bad request) message if it
cannot determine the length of the request message's content.Applications must not cache responses to a POST request because the
application has no way of knowing that the server would return an
equivalent response on some future request.
翻译成中文(黄晓东翻译,xdhuang@eyou.com)就是
8.1 GET
GET方法就是以实体方式得到由请求URI所指定资源的信息。如果请求URI只是一
个数据产生过程,那么最终要在回应实体中返回的是由该处理过程的结果所指向
的资源,而不是返回该处理过程的描述文字,除非那段文字恰好是处理的输出。
如果请求消息包含If-Modified-Since标题域,GET方法的语法就变成“条件GET”,
即“(conditional GET)”。 条件GET方法可以对指定资源进行判断,如果它在
If-Modified-Since标题域(见10.9节)中的指定日期后发生了更新,才启动传
输,否则不传输。这种条件GET允许被缓存的实体在不必经过多次请求或不必要
的数据传输就能进行刷新,从而有助于降低网络负载。
8.3 POST
POST方法用来向目的服务器发出请求,要求它接受被附在请求后的实体,并把它
当作请求队列(Request-Line)中请求URI所指定资源的附加新子项。POST被设计
成用统一的方法实现下列功能:
o 对现有资源的注释(Annotation of existing resources);
o 向电子公告栏、新闻组,邮件列表或类似讨论组发送消息;
o 提交数据块,如将表格(form [3])的结果提交给数据处理过程;
o 通过附加操作来扩展数据库。
POST方法的实际功能由服务器来决定,而且通常依赖于请求URI。在POST过程中,
实体是URI的从属部分,就好象文件从属于包含它的目录、新闻组文件从属于发出
该文件的新闻组、记录从属于其所在的数据库一样。
成功的POST不需要在原始服务器创建实体,并将其做为资源;也不需要为未来的
访问提供条件。也就是说,POST方法不一定会指向URI指定的资源。在这种情况下,
200(成功)或204(无内容)都是适当的回应状态,取决于实际回应实体中对结
果的描述。
如果在原始服务器上创建了资源,回应应是201(已创建),并包含一个实体
(对"text/html"类型最为适合),该实体中记录着对新资源请求的状态描述。
在所有的HTTP/1.0的POST请求中,必须指定合法的内容长度(Content-Length)。
如果HTTP/1.0服务器在接收到请求消息内容时无法确定其长度,就会返回400(非
法请求)代码。
应用程序不能缓存对POST请求的回应,因为做为应用程序来说,它们没有办法知道
服务器在未来的请求中将如何回应。
总结和解释:
一、post和get方法在使用上至少有两点不同:
- GET方法通过URL请求来传递用户的输入。即把参数数据队列加到提交表单的ACTION属性所指的URL中,值和表单内各个字段一一对应,在URL中可以看到。POST是通过HTTP POST机制,将表单内各个字段与其内容放置在HTML HEADER内一起传送到ACTION属性所指的URL地址,用户看不到这个过程。
- GET方式的提交你需要用Request.QueryString来取得变量的值,而POST方式提交时,你必须通过Request.Form来访问提交的内容。
提示
通过GET方法提交数据,可能会带来安全性的问题。比如一个登陆页面。当通过GET方法提交数据时,用户名和密码将出现在URL上。如果:
-
- 登陆页面可以被浏览器缓存;
- 其他人可以访问客户的这台机器。
那么,别人即可以从浏览器的历史记录中,读取到此客户的账号和密码。所以,在某些情况下,get方法会带来严重的安全性问题。
建议 :在Form中,建议使用POST方法。
二、<form action="" method="POST">刷新时会弹出提示框,问是否重新发送请求,若改为method="GET"则不会有该提示;且POST请求无长度限制(至少是理论上的),GET有长度限制,最长不超过2048字节。