POST and GET
| Overview Objectives Installing Apache Installing Perl Hello World Anatomy of a CGI Program Hello World with CGI.pm HTML Forms and DOM POST and GET A Form Example Cookie Tutorial Database Tutorial |
Let's take a closer look at the <form> tag:
<form method="post" action="/cgi-bin/myscript.pl">
The action attribute is a path to your CGI program, but what does the method attribute do? There are two different ways that an HTTP request can send CGI variables to a server, GET and POST:
GET
You've probably seen GET requests many times before. A GET request is encoded in the URL of an HTTP request by using the question-mark (?) delimiter:
http://somserver/cgi-bin/foo.pl?fname=Craig&lname=Kelley
Everything after the question mark is the query in the format of name=value. There are some caveots such as spaces, equal signs and amperstands are encoded to protect them, but the idea is that this sort of query is storable as a bookmark or an anchor in some HTML document. If we had a perl program like this:
my $first_name = $cgi->param('fname');
my $last_name = $cgi->param('lname');
print STDERR "$first_name $last_name";and we passed in the above URL, then our error log should print out the following:
Craig Kelley
If you setup your <form> to use the GET method, then a browser will encode all of the form variables into a URL and pass them onto the web server. You can see the variables and their values in the location bar of most web browsers. You should always keep GET requests under 1024 characters, otherwise you may run into problems with older browsers.
POST
A POST request is sent along what is known as an out-of-band (OOB) channel that does not utilize the URL, but rather a special network pipe of its own. The advantage of this method over the GET method is that a lot of data can be sent without cluttering up the URL, and the data is typically not cached by the client's browser for more than a short while. A POST request will look like any other request:
http://someserver/cgi-bin/my_script.pl
But the browser will tell the web server that it has additional variable information, and it will be sent along the same connection that the URL is sent. Many web appications that deal in a lot of data are well served with POST sessions.
Which to Use?
It is good practice to use the GET method whenever you are able to because the POST method is more difficult for a user to manage, and it doesn't function well with a browser's back or history button. On the other side, it's a good idea to use the POST method when something secure or private is being sent such as a password or a credit card number. The following matrix may be of help:
Behavior GET POST Performing an address book query Sending site navagation information Accepting the contents of a message submission Checking to see which mailbox a user is in Sending credit card information Doing a very detailed query Keeping track of session state
- GREEN - Probably use this method
- YELLOW - Perhaps this method may be used
- RED - You probably shouldn't use this method
All pages written by Craig Kelley unless otherwise specified. Please use the Contact link from the menu to submit changes or suggestions. Permission is given to use this tutorial in any way you wish including re-publishing or "mirroring". The most up-to-date version of this document currently resides at http://inconnu.islug.org/~ink/perl_cgi.
This page updated: July 30, 2002 9:38