Dumb question but not sure when it comes to get and post with this problem
When a user enters information into a form like a search box, are they posting the input for the server to grab and process so it's a "post" or is it still a "get" request?
19 Replies
If you are searching for content, as in, you want something back it's a GET request.
If you are talking about a form like a login form or similar, then you are sending information to the server and that's a POST.
I see so in my project a user puts in their search request so that is a get?
Yep
But don't worry too much about it, you can technically use a GET request to also send data to the server
that's great to know π thank you so much for clairifying this for me π
the main restraint is that you don't want any repeatable modification that will generate new data to be done through a GET. robots will happily execute GET statements, and browser refreshes will execute GETs without warning, but both will not do a POST without at least informing the user
so anything that you can do that will not cause any modification in the database, can safely be a GET
if the modification is minor, and the other costs are negligable, you can use POST
hmm so in my case the user puts in their search input and the backend processes it into an api request to my weather api service
so that would be a "get"
since they're getting a return
but not adding their own to it?
pretty much
but if the cost of the API is high, you may want to use a POST to "prevent" automated systems from accessing it
"prevent" in quotes because only well behaved systems won't perform post requests
it has 1k requests or something high a month but yeah the thing is though im not hosting it and having the user do their own key
in my stituation is get ok then or should I avoid it and do post?
it really depends, but I'd say GET is probably safe
Yeah, maybe I shouldn't have said anything π
you can change it but it's not like you should. For one the receiving server may ignore your request...
both of you had good answers π
what I've taken away from both responses is it really depends. With user inputting like account creation or login forms and such you dont want bots being there with sensitive info so you can use POST in that case. If you have a page with api calls that can have a high cost in calls... use a POST to prevent the bots from taking over. For something simple and not encrypted then you could use GET
like talking to a database for search functions with loading up different search results in a pagination format could be a GET
at least that's my understanding thus far
hope that is correct please let me know otherwise
If you have a page with api calls that can have a high cost in calls... use a POST to prevent the bots from taking over.I would only comment on this bit, that you can implement rate-limiting either way.
that's true too
also, POST isn't more secure, it's just something respectful crawler bots won't do, and browsers won't redo without prompting the user it might duplicate actions
I've got the feeling, there's much misinformation here.
So there are different ways to request a server. GET is the most "popular" one.
Here all informations are taken from the url (beside some cookie stuff and so on, but that's something different).
So if you want to pass variables like the content of a form these vars will be attached in the url. (login.html?user=bibamann&password=abc123)
The second popular method is POST - here all the vars are written in some kind of a body of a request. While GET is also restricted to some 1000 chars (afaik depends on the browser), POST requests can be way bigger (the limitation is set by the server and usually several MBs).
There are also PUT and DELETE and back in the days all these method where (mainly) used for:
GET: just read data - variables are just for pagination or search terms / ids
POST: create a new dataset
PUT: edit dataset
DELETE: delete a dataset
Nowadays usually just GET for reading data and POST to create or alter data are used. And of course there are exceptions like create tracking entries on GET requests or GraphQL does everything with POST.
However: here's a nice article about the request methods: https://www.torocloud.com/blog/understanding-http-methods-in-rest-api-development
Understanding HTTP methods in REST API development
Learn about the different HTTP methods (GET, POST, PUT, DELETE, etc.) and their usage in REST APIs. Understand their definitions, usage, limitations, and considerations for effective API design. Get a comprehensive guide for building robust and efficient APIs.
And where is the misinformation? The question was not about providing a detailed analysis of the different HTTP requests methods, but about clarifying the main differences between GET and POSt, and common scenarios, when to choose one over another, etc.
Hmm ok π in my current case it's just a search bar and the input is pushed into an api call to a server for weather data and they return back json
Still get? π€
... like I wrote: Yes, usually GET for searches as you just retrieve and not write data. And you can share the url for others who get the same result then.
Bots don't submit forms. They don't even "click" buttons. They crawl your website and look for ordinary links. https://www.searchenginejournal.com/googlebot-doesnt-click-on-buttons-what-to-use-instead/400242/
Just pure JS sites (like written in react or vue) are handled differently (that's why everybody's using next or nuxt when it comes to SEO).
Instead of throwing in POST requests, you should create a robots.txt if you want some sites not to be indexed.
Search Engine Journal
Googlebot Doesnβt Click On Buttons β What to Use Instead
Googleβs web crawler doesnβt interact with buttons when indexing web pages, which may lead to content not getting discovered.