The Problem with GET Requests
Many web developers use a link to trigger actions (like this: <a href="delete.php?id=123">). I already knew that this kind of GET request link is dangerous, but I didn't clearly understand the usage of POST and GET. Yesterday, while continuing my reading of “Agile Development With Rails”, I found an interesting chapter, “The Problem with GET Requests”.
Almost since HTTP was invented, it was recognized that there is a fundamental difference between HTTP GET and HTTP POST requests. Tim Berners-Lee wrote about it back in 1996. Use GET requests to retrieve information from the server, and use POST requests to request a change of state on the server. The problem is that this rule has been widely ignored by web developers.
See, we shouldn't use a GET request to change state on the server. How many times do we break that rule? We should only use GET requests to retrieve data from the server. Yet we already use GET requests for many state-changing operations, such as deleting, adding and updating database records or creating files on the server. According to the above rule, we shouldn't use GET for those kinds of requests. A GET request link makes user error really easy to happen. We should use a form and a button rather than a link. Is it possible to use a form for every state-changing request? I think not. But if we want to perform a dangerous action like “Firing Missile”, we really shouldn't use a GET request link. We could use a confirmation page with a form. Using a form has an advantage: when the user refreshes the browser, the browser will warn that there was a POST request. When we can't use a form, we should create a GET request link with an effective confirmation, and we should make certain that the referenced page can't be refreshed by the user.
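The confirmation-page-with-form approach described above, sketched as an added example (it is not code from the book or from the original post). It uses a Rack-style handler; the class name `DeleteApp`, the `/delete` and `/items` paths and the in-memory store are assumptions made for illustration.

```ruby
require 'stringio'
require 'uri'

# Hypothetical Rack-style handler for /delete (names are assumptions).
# GET only renders a confirmation form; the record is removed only by POST.
class DeleteApp
  def initialize(store)
    @store = store # constructed stand-in for a database table
  end

  def call(env)
    case env['REQUEST_METHOD']
    when 'GET'
      id = param(env['QUERY_STRING'])
      return not_found unless @store.key?(id)
      [200, { 'content-type' => 'text/html' }, [confirm_form(id)]]
    when 'POST'
      id = param(env['rack.input'].read)
      return not_found unless @store.delete(id)
      # Redirect after POST so a refresh re-fetches the list, not the delete.
      [303, { 'location' => '/items' }, []]
    else
      [405, { 'allow' => 'GET, POST' }, ["method not allowed\n"]]
    end
  end

  private

  # Extract a numeric "id" from form-encoded data; anything else becomes nil.
  def param(encoded)
    id = URI.decode_www_form(encoded.to_s).to_h['id']
    id if id =~ /\A\d+\z/
  end

  def not_found
    [404, { 'content-type' => 'text/plain' }, ["no such record\n"]]
  end

  def confirm_form(id)
    %(<form method="post" action="/delete">) +
      %(<input type="hidden" name="id" value="#{id}">) +
      %(<button>Really delete record #{id}?</button></form>)
  end
end

# Build a minimal Rack-like env hash (constructed request, no server needed).
def request(method, query: '', body: '')
  { 'REQUEST_METHOD' => method, 'QUERY_STRING' => query,
    'rack.input' => StringIO.new(body) }
end
```

With this handler, following or refreshing the link `/delete?id=123` only ever shows the form; the record disappears only when the button submits the POST.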