Dumb question but not sure when it comes to get and post with this problem

When a user enters information into a form like a search box, are they posting the input for the server to grab and process so it's a "post" or is it still a "get" request?
19 Replies
Joao
Joaoβ€’15mo ago
If you are searching for content, as in, you want something back it's a GET request. If you are talking about a form like a login form or similar, then you are sending information to the server and that's a POST.
MD
MDOPβ€’15mo ago
I see so in my project a user puts in their search request so that is a get?
Joao
Joaoβ€’15mo ago
Yep But don't worry too much about it, you can technically use a GET request to also send data to the server
MD
MDOPβ€’15mo ago
that's great to know πŸ™‚ thank you so much for clairifying this for me πŸ™‚
Jochem
Jochemβ€’15mo ago
the main restraint is that you don't want any repeatable modification that will generate new data to be done through a GET. robots will happily execute GET statements, and browser refreshes will execute GETs without warning, but both will not do a POST without at least informing the user so anything that you can do that will not cause any modification in the database, can safely be a GET if the modification is minor, and the other costs are negligable, you can use POST
MD
MDOPβ€’15mo ago
hmm so in my case the user puts in their search input and the backend processes it into an api request to my weather api service so that would be a "get" since they're getting a return but not adding their own to it?
Jochem
Jochemβ€’15mo ago
pretty much but if the cost of the API is high, you may want to use a POST to "prevent" automated systems from accessing it "prevent" in quotes because only well behaved systems won't perform post requests
MD
MDOPβ€’15mo ago
it has 1k requests or something high a month but yeah the thing is though im not hosting it and having the user do their own key in my stituation is get ok then or should I avoid it and do post?
Jochem
Jochemβ€’15mo ago
it really depends, but I'd say GET is probably safe
Joao
Joaoβ€’15mo ago
Yeah, maybe I shouldn't have said anything πŸ˜… you can change it but it's not like you should. For one the receiving server may ignore your request...
MD
MDOPβ€’15mo ago
both of you had good answers πŸ™‚ what I've taken away from both responses is it really depends. With user inputting like account creation or login forms and such you dont want bots being there with sensitive info so you can use POST in that case. If you have a page with api calls that can have a high cost in calls... use a POST to prevent the bots from taking over. For something simple and not encrypted then you could use GET like talking to a database for search functions with loading up different search results in a pagination format could be a GET at least that's my understanding thus far hope that is correct please let me know otherwise
Joao
Joaoβ€’15mo ago
If you have a page with api calls that can have a high cost in calls... use a POST to prevent the bots from taking over.
I would only comment on this bit, that you can implement rate-limiting either way.
MD
MDOPβ€’15mo ago
that's true too
Jochem
Jochemβ€’15mo ago
also, POST isn't more secure, it's just something respectful crawler bots won't do, and browsers won't redo without prompting the user it might duplicate actions
bibamann
bibamannβ€’15mo ago
I've got the feeling, there's much misinformation here. So there are different ways to request a server. GET is the most "popular" one. Here all informations are taken from the url (beside some cookie stuff and so on, but that's something different). So if you want to pass variables like the content of a form these vars will be attached in the url. (login.html?user=bibamann&password=abc123) The second popular method is POST - here all the vars are written in some kind of a body of a request. While GET is also restricted to some 1000 chars (afaik depends on the browser), POST requests can be way bigger (the limitation is set by the server and usually several MBs). There are also PUT and DELETE and back in the days all these method where (mainly) used for: GET: just read data - variables are just for pagination or search terms / ids POST: create a new dataset PUT: edit dataset DELETE: delete a dataset Nowadays usually just GET for reading data and POST to create or alter data are used. And of course there are exceptions like create tracking entries on GET requests or GraphQL does everything with POST. However: here's a nice article about the request methods: https://www.torocloud.com/blog/understanding-http-methods-in-rest-api-development
Understanding HTTP methods in REST API development
Learn about the different HTTP methods (GET, POST, PUT, DELETE, etc.) and their usage in REST APIs. Understand their definitions, usage, limitations, and considerations for effective API design. Get a comprehensive guide for building robust and efficient APIs.
Joao
Joaoβ€’15mo ago
And where is the misinformation? The question was not about providing a detailed analysis of the different HTTP requests methods, but about clarifying the main differences between GET and POSt, and common scenarios, when to choose one over another, etc.
MD
MDOPβ€’15mo ago
Hmm ok πŸ™‚ in my current case it's just a search bar and the input is pushed into an api call to a server for weather data and they return back json Still get? πŸ€”
bibamann
bibamannβ€’15mo ago
... like I wrote: Yes, usually GET for searches as you just retrieve and not write data. And you can share the url for others who get the same result then.
bibamann
bibamannβ€’15mo ago
Bots don't submit forms. They don't even "click" buttons. They crawl your website and look for ordinary links. https://www.searchenginejournal.com/googlebot-doesnt-click-on-buttons-what-to-use-instead/400242/ Just pure JS sites (like written in react or vue) are handled differently (that's why everybody's using next or nuxt when it comes to SEO). Instead of throwing in POST requests, you should create a robots.txt if you want some sites not to be indexed.
Search Engine Journal
Googlebot Doesn’t Click On Buttons – What to Use Instead
Google’s web crawler doesn’t interact with buttons when indexing web pages, which may lead to content not getting discovered.
Want results from more Discord servers?
Add your server