There are two different submission methods for a form, the choice being specified inside a FORM
element using the METHOD
attribute. The difference between METHOD="GET"
(the default) and METHOD="POST"
is primarily defined in terms of form data encoding, where the GET
method will pass all form data via a URL while the POST
method will pass all form data internally. If you look at technical specifications, you will read about idempotent processing, but ignoring that, what you should know is that GET
is only recommended when a form has no side effects, with a side effect being, for example, modification of a database, sending an email, etc. Generally speaking, the GET
method is less secure, opening up your form to possible hacker activity.[1] It also shows, in a visible way via the URL, details about your underlying site architecture that you may prefer others not to know (especially hackers). My advice: unless you know what you are doing and have a specific reason for using the GET
method, just stick with POST
for all your forms.
For more detail on this topic, reference “Methods GET and POST in HTML forms – what’s the difference?“
[1] That’s not to say the POST method is completely safe or that GET is really dangerous, but that relatively speaking, GET is more susceptible to abuse.
Click to Add the First »