HTTP GET and POST Methods - Dleifnesor/NET-215 GitHub Wiki

HTTP Message Structure

HTTP messages consist of the following components:

Request Message

  • Start Line: Contains the HTTP method (e.g., GET, POST).
  • Headers: Key-value pairs that provide metadata.
  • Body: Used mainly with POST to send data.

Response Message

  • Status Line: Provides the status code (e.g., 200 OK).
  • Headers: Metadata from the server.
  • Body: Usually contains the HTML or other response content.

Example: GET Request (Form Submission)

Raw HTTP Request

 /welcome_get.php?name=adam&[email protected] HTTP/1.1
Host: 192.168.1.212
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Referer: http://192.168.1.212/forms/GET-Form.html
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
  • Query Parameters are in the URL.
  • No message body is present.
  • Visible in browser history and logs.
  • Example URL:
    http://192.168.1.212/welcome_get.php?name=adam&[email protected]
    

Example: POST Request (Form Submission)

Raw HTTP Request

 /welcome_post.php HTTP/1.1
Host: 192.168.1.212
Connection: keep-alive
Content-Length: 31
Cache-Control: max-age=0
Origin: http://192.168.1.212
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://192.168.1.212/forms/POST-Form.html
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8

name=adam&email=adam%40test.com
  • Data is sent in the body, not the URL.
  • Better suited for sensitive or large inputs.
  • Not stored in browser history.
  • Content is URL-encoded.

Summary Comparison: GET vs POST (Request Format Perspective)

Aspect GET POST
Data Location URL query string Message body
Visibility Easily visible in browser and server logs Hidden from URL and history
Max Data Length Limited by URL length (2k-8k chars) No practical limit for typical form data
Use Case Data retrieval, safe for bookmarks Data submission (login, messages, file upload)
Risk with HTTP High – visible in transit/logs Moderate – still readable without HTTPS

HTTP Message Privacy

HTTP is not encrypted.

Anyone able to access a network packet can:

  • Read all headers (request and response),
  • See HTML content,
  • Intercept form data (e.g., login info, messages).

Use HTTPS to protect HTTP traffic.


Forms in HTML

A form (<form>) on a webpage allows a user to enter data to:

  • Be processed client-side (e.g., with JavaScript), or
  • Be submitted server-side (e.g., PHP scripts via GET or POST).

Basic structure:

<form action="endpoint.php" method="get|post">
  <input type="text" name="example">
</form>
  • action specifies the server-side script URL.
  • method determines how the data is sent (get or post).

Example: HTML Form using GET

<html>
  <head>
    <title>NET 225 GET Sample Form</title>
  </head>
  <body>
    Hello NET 225 Student - Please provide the following for this simple GET form:<br>
    <form action="welcome_get.php" method="get">
      Name: <input type="text" name="name"><br>
      E-mail: <input type="text" name="email"><br>
      <input type="submit">
    </form>
  </body>
</html>

Resulting GET Request:

GET /welcome_get.php?name=adam&[email protected] HTTP/1.1
Host: demo-site.com

Example: PHP Script Handling GET (welcome_get.php)

<html>
  <body>
    Welcome <?php echo $_GET["name"]; ?><br>
    Your email address is: <?php echo $_GET["email"]; ?>
  </body>
</html>

Example: HTML Form using POST

<html>
  <head>
    <title>NET 225 POST Sample Form</title>
  </head>
  <body>
    Hello NET 225 Student - Please provide the following for this simple POST form:<br>
    <form action="welcome_post.php" method="post">
      Name: <input type="text" name="name"><br>
      E-mail: <input type="text" name="email"><br>
      <input type="submit">
    </form>
  </body>
</html>

Resulting POST Request (Simplified):

POST /welcome_post.php HTTP/1.1
Host: demo-site.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 42

name=adam&[email protected]

Example: PHP Script Handling POST (welcome_post.php)

<html>
  <body>
    Welcome <?php echo $_POST["name"]; ?><br>
    Your email address is: <?php echo $_POST["email"]; ?>
  </body>
</html>

GET vs POST Comparison

Feature GET POST
Data visible in URL Yes No
Can be cached Yes No
Stored in browser history Yes No
Bookmarkable Yes No
Length limitations Yes No
Suitable for sensitive data No Yes

Avoid using GET to send passwords or sensitive data.


Summary

  • GET: Use for non-sensitive, idempotent requests (e.g., search).
  • POST: Use for sensitive or large payloads, especially when modifying data.
  • Prefer HTTPS for all communications involving personal data.

Resources

⚠️ **GitHub.com Fallback** ⚠️