734 viewsThere are two different submission methods for a form, the choice being specified inside a FORM element using the METHOD attribute. The difference between METHOD="GET" (the default) and METHOD="POST" is primarily defined in terms of form data encoding, where the GET method will pass all form data via a URL while the POST method will pass all form data internally. If you look at technical specifications, you will read about idempotent processing, but ignoring that, what you should know is that GET is only recommended when a form has no side effects, with a side effect being, for example, modification of a database, sending an email, etc. Generally speaking, the GET method is less secure, opening up your form to possible hacker activity.[1] It also shows, in a visible way via the URL, details about your underlying site architecture that you may prefer others not to know (especially hackers). My advice: unless you know what you are doing and have a specific reason for using the GET method, just stick with POST for all your forms.
For more detail on this topic, reference “Methods GET and POST in HTML forms – what’s the difference?“
[1] That’s not to say the POST method is completely safe or that GET is really dangerous, but that relatively speaking, GET is more susceptible to abuse.
Click to Add the First »