• ASP.NET form method "post" and "get"


    https://forums.asp.net/t/1796310.aspx?ASP+NET+form+method+post+and+get+

    GET: 
    1) Data is appended to the URL(QueryString)
    2) Data is not secret.(Can be seen by anyone) 
    3) It is a single call system 
    4) Maximum data that can be sent is 256. 
    5) Data transmission is faster 
    6) This is the default method for many browsers 

    POST: 
    1) Data is not appended to the URL but sent as part of Http Body.
    2) Data is Secret 
    3) It is a two call system. 
    4) There is no Limit on the amount of data.That is characters any amount of data can be sent. 
    5) Data transmission is comparatively slow. 
    6) No default and should be Explicitly specified.

    https://social.technet.microsoft.com/wiki/contents/articles/11697.using-method-type-postget-in-asp-net-web-form.aspx

    I  will start the article from with detailed information.

    Actually form has two types of in asp.net2.0.
    1) Get
    2) Post

    When working with Get method:

    • We can access all form input variables in the next page which we mentioned in the action attribute.
    • All the submitted information is displayed in the address bar as part of the URL.
    •  Url Which is not secured because values will be shown in address bar

    When working with Post method:

    • we can access the variables in the page which we mentioned in the action attribute.
    • we can access those variable as shown below
    • which is more secured, variable not accessible

    Now we will have small application with 2 web pages

    1)       default.aspx

    2)       Webform.aspx

    GET:

    • I have given the value for action attribute is webform1.aspx in the default.aspx page with method type

    <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="WebApplication1._Default" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml" >

    <head runat="server">

        <title>Untitled Page</title>

    </head>

    <body>

       <form action="webform1.aspx" method="get" >

       First name: <input type="text" name="fname" /><br />

       Last name: <input type="text" name="lname" /><br />

       Age: <input type="text" name="age" /><br />

       <input type="submit" value="Submit" />

     </form>

    </body>

    </html>

    • Variables will be available in the address bar like below .

    http://localhost:50920/webform1.aspx?fname=jhon&lname=smith&age=30 Jump

    • We can access the variables from the Address to Form using Request.QueryString[] like below.

      protected void Page_Load(object sender, EventArgs e)

            {

                if (Request.QueryString["fname"] != null)

                {

                    Response.Write("fname : " + Request.QueryString["fname"] + ");

                }

                if (Request.QueryString["lname"] != null)

                {

                    Response.Write("lname : " + Request.QueryString["lname"] + "");

                }

           }

    POST:

    • Variables will be post to the next page  using Post method type

    <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="WebApplication1._Default" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml" >

    <head runat="server">

        <title>Untitled Page</title>

    </head>

    <body>

       <form action="webform1.aspx" method="post" >

       First name: <input type="text" name="fname" /><br />

       Last name: <input type="text" name="lname" /><br />

       Age: <input type="text" name="age" /><br />

       <input type="submit" value="Submit" />

     </form>

    </body>

    </html>

    • We cannot access the variables from the url.

    http://localhost:50920/webform1.aspx Jump

    • We can access the variables from the request. Form [].

      protected void Page_Load(object sender, EventArgs e)

            {

                if (Request.Form["fname"] != null)

                {

                    Response.Write("fname : " + Request.Form["fname"] + " ");

                }

                if (Request.Form["lname"] != null)

                {

                    Response.Write("lname : " + Request.Form["lname"] + "");

                }

            }

    https://www.w3schools.com/tags/ref_httpmethods.asp

    The GET Method

    Note that the query string (name/value pairs) is sent in the URL of a GET request:

    /test/demo_form.php?name1=value1&name2=value2

    Some other notes on GET requests:

    • GET requests can be cached
    • GET requests remain in the browser history
    • GET requests can be bookmarked
    • GET requests should never be used when dealing with sensitive data
    • GET requests have length restrictions
    • GET requests should be used only to retrieve data

    The POST Method

    Note that the query string (name/value pairs) is sent in the HTTP message body of a POST request:

    POST /test/demo_form.php HTTP/1.1
    Host: w3schools.com
    name1=value1&name2=value2

    Some other notes on POST requests:

      • POST requests are never cached
      • POST requests do not remain in the browser history
      • POST requests cannot be bookmarked
      • POST requests have no restrictions on data length

    https://security.stackexchange.com/questions/33837/get-vs-post-which-is-more-secure

    POST is more secure than GET for a couple of reasons.

    GET parameters are passed via URL. This means that parameters are stored in server logs, and browser history. When using GET, it makes it very easy to alter the data being submitted the the server as well, as it is right there in the address bar to play with.

    The problem when comparing security between the two is that POST may deter the casual user, but will do nothing to stop someone with malicious intent. It is very easy to fake POST requests, and shouldn't be trusted outright.

    The biggest security issue with GET is not malicious intent of the end-user, but by a third party sending a link to the end-user. I cannot email you a link that will force a POST request, but I most certainly can send you a link with a malicious GET request. I.E:

    Click Here for the best free movies!

    Edit:

    I just wanted to mention that you should probably use POST for most of your data. You would only want to use GET for parameters that should be shared with others, i.e: /viewprofile.php?id=1234, /googlemaps.php?lat=xxxxxxx&lon=xxxxxxx

  • 相关阅读:
    ios7 苹果原生二维码扫描(和微信类似)
    ios7之后 根据UILabel的文字计算frame的方法
    [Luogu1944] 最长括号匹配
    [bzoj3916] friends
    [NOIp2006] 能量项链
    [NOIp2003] 加分二叉树
    [Luogu1353] 跑步Running
    [Luogu2214] Mooo Moo S
    [POJ2452] Sticks Problem
    [POJ2406] Power Strings
  • 原文地址:https://www.cnblogs.com/chucklu/p/7814793.html
Copyright © 2020-2023  润新知