那么我们为什么要使用POST而不是GET来发布数据呢？ [英] So why should we use POST instead of GET for posting data?

问题描述

可能重复：

如何在HTML表单中选择GET和POST方法？

什么时候使用POST，什么时候使用GET？ / p>

Possible Duplicates:
How should I choose between GET and POST methods in HTML forms?
When do you use POST and when do you use GET?

显然，你应该这样做。但除了这样做以实现HTTP协议之外，还有什么理由这样做吗？开销减少？某种安全问题？

Obviously, you should. But apart from doing so to fulfil the HTTP protocol, are there any reasons to do so? Less overhead? Some kind of security thing?

推荐答案

因为GET不能按照定义改变服务器的状态。

because GET must not alter the state of the server by definition.

请参阅 RFC2616 9.1.1安全方法：

9.1.1安全方法

9.1.1 Safe Methods

执行者应该知道
软件代表用户通过互联网进行的
互动，而
应该小心让用户知道
可能采取的任何行动。对他们自己或他人有意想不到的
意义。

Implementors should be aware that the software represents the user in their interactions over the Internet, and should be careful to allow the user to be aware of any actions they might take which may have an unexpected significance to themselves or others.

特别是，约定为
确定了GET和HEAD
方法除了检索之外，不应该采取另外
的行动的
意义。这些方法应该被视为安全
。这允许用户
代理以
特殊方式表示其他方法，
，例如POST，PUT和DELETE，这样用户就可以知道
了解a可能需要
不安全的操作。

In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.

如果你使用GET改变服务器的状态那么搜索引擎机器人或者网页浏览器中的某些链接预取扩展程序会对您的网站造成严重破坏，并且（例如）删除所有用户数据只需跟踪指向您网站的链接。

If you use GET to alter the state of the server then a search engine bot or some link prefetching extension in a web browser can wreak havoc on your site and (for example) delete all user data just by following links to your site.

这篇关于那么我们为什么要使用POST而不是GET来发布数据呢？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！