0

For the last two years I have been working with PHP. But I have one question: we use the POST and GET methods, and we know that POST is more secure than GET.

But why are we still using the GET method when it is insecure?

I hope you all got my point. Thanks in advance.

3 Answers

0

You use POST for larger amounts of data, or data that you don't want to appear within the URL. For instance, you don't want the URL to delete a page, or create one, to appear in someone's history. Neither do you want to save passwords in this way.

For search strings and such, you can easily use GET. It allows users to copy a specific URL, like a specific search result, or a link to the 5th page in a paginated list.

So, either is OK for its own purposes. The only thing you should remember is the maximum size of 8Kb for a URL, including the GET parameters.

Short answer:

Use GET requests when it makes sense for the user to be able to bookmark the request, share the request, and come back to it over and over again. It makes sense to be able to bookmark the result of a Google query, for example.

Longer answer:

Use GET requests when the user is simply fetching/viewing a resource, and doesn't have any significant side-effects on your website's data or on future requests. If the request is creating, modifying, or deleting something, it should be a POST. If the user is logging in to a website, that has effects on future requests, so it should be a POST, not a GET.

Note: Users can still change POST variables.

It's easier for the user to change query string (GET) values, but it's not too difficult for the user to change POST values. Your website's security should take this into account! Using POST for security isn't really a valid reason, except for the fact that POST variables aren't part of the URL and aren't bookmarked, while GET variables are. This prevents users from accidentally sharing things like passwords when sharing links.

GET is better for things that should be able to be bookmarked, and simple queries with few, short parameters.

POST is better for sensitive fields that the user shouldn't see, for large binary transfers, and for transfers with many fields or very long fields.

Padmanathan J
0

The simple answer is:

GET is used when we want to pass data which is not going to change (say, static). In addition to this, GET is unsecured, but it doesn't need any user input. For searching, GET is mostly used; the best example is your address bar (O.O): it's using GET.

The POST method is for data which keeps changing, so it's mostly used in forms, as the data keeps changing and may need security to post it to another page.

Sanket
0

The question you need to answer is "In what way is POST more secure than GET?". Once you answer that question you won't have the first question.

User Roman Starkov does a great job at answering that question in "Is either GET or POST more secure than the other?"

You can check out the whole answer here, but here's the gist (taken from Roman's answer):

The GET request is marginally less secure than the POST request. Neither offers true "security" by itself; using POST requests will not magically make your website secure against malicious attacks by a noticeable amount. However, using GET requests can make an otherwise secure application insecure. The mantra that you "must not use GET requests to make changes" is still very much valid, but this has little to do with malicious behaviour.

DonCarleone
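The points made in the answers above (GET parameters become part of the URL, POST parameters do not, and both are equally editable by the client) can be seen side by side in this added example, which is not from any of the posters. The host `shop.example`, the paths, the form fields and the `PRICES` table are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

def build_request(method, path, params, host="shop.example"):
    """Return the raw HTTP/1.1 request a browser would send for a form."""
    encoded = urlencode(params)
    if method == "GET":
        # GET: form fields travel in the request target (the URL).
        return f"GET {path}?{encoded} HTTP/1.1\r\nHost: {host}\r\n\r\n"
    # POST: form fields travel in the body, after the headers.
    return (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(encoded)}\r\n\r\n{encoded}")

def logged_url(raw):
    """The request target: what history, bookmarks and access logs keep."""
    return raw.split("\r\n", 1)[0].split(" ")[1]

def server_params(raw):
    """Parameters as the application receives them, wherever they travelled."""
    head, _, body = raw.partition("\r\n\r\n")
    method, target, _ = head.split("\r\n", 1)[0].split(" ")
    source = urlsplit(target).query if method == "GET" else body
    return {k: v[0] for k, v in parse_qs(source).items()}

PRICES = {"sku-1": 4999}  # constructed server-side price list, in cents

def charge(raw):
    """Price comes from server data; a client-sent 'price' field is ignored."""
    return PRICES[server_params(raw)["item"]]

if __name__ == "__main__":
    login = {"user": "alice", "password": "s3cret"}  # constructed sample input
    for method in ("GET", "POST"):
        print(method, "leaves in the URL:", logged_url(build_request(method, "/login", login)))
    # A client can put any value in a POST body, exactly as in a query string.
    tampered = build_request("POST", "/buy", {"item": "sku-1", "price": "1"})
    print("client sent:", server_params(tampered), "-> charged:", charge(tampered))
```

The server sees identical parameters from both methods; the only difference is whether they are recorded with the URL, so validation has to happen server-side either way.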