2

I'm working on a LAMP environment, using PHP. My scripts read client data using $_REQUEST instead of $_GET or $_POST. I'm thinking that once I reach production, I will just change my jQuery defaults from GET to POST.

Can anyone see any disadvantages with this approach?

More info?

My jQuery Ajax setup sets GET by default - the output from URLs displayed in the console.log helps me examine what args were successfully passed with and without values.

In a production environment, the URL data will be revealed in log files, which might create weaknesses. While not presently critical, I'm taking the long-term view. It would also, I suspect, lead to larger log files (not in itself a problem, but still a consideration).

GET is limited in length though few browsers adhere to the generous limits which I am not likely ever to reach.

POST has advantages by having fewer limits. It also permits the upload of files.

Like my first paragraph said... I'm just trying to weigh the good and the bad on moving from GET to POST.

All comments welcome...

  • 1
    Unless you plan to allow the browser to cache your AJAX requests, you can generally "move" from GET to POST without any problems. – Miro Mar 16 '16 at 16:23

1 Answer

6

There should be no "weighing of benefits". They are used for different things. GET should be used whenever there is no effect of the request on the state of the server (apart from trivial ones, like access logging). POST should be used when there is (ignoring now the REST methods like PUT or DELETE).

For example, if you want to ask the server to show you the next page, to list the available items, to show you a picture... you should use GET. If you want to ask the server to change the database, remember your choice, send an email, upload a file, delete a file, shut down the server... you use POST.

This is not just a matter of principle; it is a contract that is relied on by other web actors, such as crawlbots. If you have no authentication and your delete actions are GET links, one visit from Googlebot can wipe out your database.

Amadan
  • Thanks... My initial search here failed to find a related article, but after posting, this old question made similar points to yours http://stackoverflow.com/questions/198462/is-either-get-or-post-more-secure-than-the-other –  Mar 16 '16 at 16:33
  • And someone referenced a 2008 blog entry that supports your points further... http://blog.codinghorror.com/cross-site-request-forgeries-and-you/ I just thought I would share in case someone references my question in the future. –  Mar 16 '16 at 16:36
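
The GET/POST contract from the answer, applied to the question's `$_REQUEST` habit, as an added example that is not code from the question or the answer. The action names, the `ACTIONS` table and `dispatch()` are hypothetical; in a real script the arguments would be `$_SERVER['REQUEST_METHOD']`, `$_GET` and `$_POST`.

```php
<?php
declare(strict_types=1);

// Hypothetical action table: each action names the one HTTP method it accepts.
// Read-only actions take GET; state-changing actions take POST.
const ACTIONS = [
    'list_items'  => 'GET',
    'show_item'   => 'GET',
    'delete_item' => 'POST',
    'send_email'  => 'POST',
];

/**
 * Returns [status code, response headers, parameters the handler may use].
 * Parameters come only from the array matching the allowed method,
 * never from the merged $_REQUEST.
 */
function dispatch(string $method, array $get, array $post): array
{
    // The action name is routing data, so it is read from the query string.
    $action = $get['action'] ?? '';
    if (!is_string($action) || !array_key_exists($action, ACTIONS)) {
        return [404, [], []];
    }
    $allowed = ACTIONS[$action];
    if (strtoupper($method) !== $allowed) {
        // A crawler following a plain link sends GET and is stopped here.
        return [405, ['Allow' => $allowed], []];
    }
    $params = $allowed === 'POST' ? $post : $get;
    unset($params['action']);
    return [200, [], $params];
}

// Constructed sample requests (not real traffic).
$samples = [
    ['GET',  ['action' => 'list_items', 'page' => '2'], []],
    ['GET',  ['action' => 'delete_item', 'id' => '7'], []],
    ['POST', ['action' => 'delete_item'], ['id' => '7']],
    // Query-string id is ignored: a POST action reads its data from the body only.
    ['POST', ['action' => 'delete_item', 'id' => '9'], ['id' => '7']],
];
foreach ($samples as [$method, $get, $post]) {
    [$status, $headers, $params] = dispatch($method, $get, $post);
    printf("%-4s %-12s -> %d %s %s\n", $method, $get['action'], $status,
        json_encode($headers), json_encode($params));
}
```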