2

Up until now I have been using:

xmlhttp.open("GET","server_script.php?q="+str,true);

Thanks

Edit: I am providing a solution for anyone that may come across this page to demonstrate how to use POST instead of GET. If you are new to AJAX I would recommend this tutorial http://www.w3schools.com/PHP/php_ajax_php.asp using the GET method first.

Solution-

javascript:

xmlhttp.open("POST","script.php",true);
xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
// Encode the value so characters such as & and = cannot alter the form body
xmlhttp.send('var_name='+encodeURIComponent(str));

php:

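// The value arrives in the POST body, so read it from $_POST
$var_name = $_POST['var_name'];

// Escape the value before echoing it back so it cannot inject markup into the response
echo htmlspecialchars($var_name, ENT_QUOTES, 'UTF-8');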

For reasons regarding the use of POST and GET - see comments below.

Sheldon
  • POST is not more "secure" than GET (apart from not leaving a trace in the history maybe). – Felix Kling Apr 12 '11 at 16:52
  • POST should be preferred for queries which change some state on the server. If you are doing a read-only query (as `q=` indicates), then GET is perfectly fine. (The surmised security woes concern CSRF, for which using POST only helps little.) – mario Apr 12 '11 at 16:54

2 Answers

7

this is how you would use post:

var url = "server_script.php";
// Encode the value so characters such as & and = cannot alter the form body
var params = "q=" + encodeURIComponent(str);
xmlhttp.open("POST", url, true);

// Send the proper header information along with the request.
// Content-length and Connection are set by the browser itself; scripts are not allowed to set them.
xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");

xmlhttp.onreadystatechange = function() { // Call a function when the state changes.
    if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
        alert(xmlhttp.responseText);
    }
};
xmlhttp.send(params);

source

Naftali
  • Neal, it looks like you copied that over from a Google result again with very little rewriting. Some attribution would be in order. http://www.openjs.com/articles/ajax_xmlhttp_using_post.php (Also please prefer to type answers on your own.) – mario Apr 12 '11 at 16:58
  • @Neal that is **not** an excuse for quoting without attribution. – Pekka Apr 12 '11 at 17:14
  • @Pekka, I added the source, and in my last post I also added the source **when I answered the question** and you still complained – Naftali Apr 12 '11 at 17:15
  • @Neal where did I complain about what? What do you mean? – Pekka Apr 12 '11 at 17:15
  • Sorry, @mario did on a previous post that I was copy/pasting info, which I was, and I showed the source and @mario still complained – Naftali Apr 12 '11 at 17:16
  • I'm pretty certain my complaints were about the security issues of your code. (Copy+pasting a 3 liner with bad formatting just does look dull.) – mario Apr 12 '11 at 17:24

5

The query you show is probably perfectly fine as a GET request. No need to change it.

There are reasons to use one over the other: Requests that change state on server side (i.e. change data) should generally use POST; "read" requests should be GET.

This comes with an implicit security advantage because you can't do any damage by smuggling a URL into a user's page (like, showing an image whose URL points to an admin page named deleteall.php).

If your request just retrieves data, you're perfectly fine staying with GET.

See this question for an extensive discussion on when to use which. GET vs POST in AJAX?

Pekka
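The rule from the answer above (state changes only via POST) combined with the comment under the question (POST alone helps only a little against CSRF), written as server-side decision logic. This is an added example, not code from any of the posters; the `authorize` function, the request/session shapes and the token value are assumptions made for illustration.

```javascript
// Scripts that change state on the server; deleteall.php is the answer's own example.
const STATE_CHANGING = new Set(["deleteall.php"]);

// Compare two strings without stopping at the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Decide whether a request may run (hypothetical shapes).
// req = { method, script, csrfToken }; session = { csrfToken } issued with the page.
function authorize(req, session) {
  if (!STATE_CHANGING.has(req.script)) {
    // Read-only query: GET is fine, as the comment and the answer both say.
    return req.method === "GET" || req.method === "POST"
      ? { allowed: true, reason: "read-only" }
      : { allowed: false, reason: "method not supported" };
  }
  if (req.method !== "POST") {
    // Covers the image-URL case from the answer: an image load is always a GET.
    return { allowed: false, reason: "state change requires POST" };
  }
  if (!constantTimeEqual(req.csrfToken, session.csrfToken)) {
    // Another site can also cause a POST, but it cannot read this session's token.
    return { allowed: false, reason: "missing or wrong CSRF token" };
  }
  return { allowed: true, reason: "POST with valid token" };
}

// Constructed sample requests, not captured traffic.
const session = { csrfToken: "constructed-token-5f2c" };
const samples = [
  { method: "GET", script: "server_script.php" },   // the question's read query
  { method: "GET", script: "deleteall.php" },       // image URL embedded in a page
  { method: "POST", script: "deleteall.php" },      // POST that carries no token
  { method: "POST", script: "deleteall.php", csrfToken: session.csrfToken }, // site's own page
];
for (const s of samples) {
  const r = authorize(s, session);
  console.log(s.method, s.script, "->", r.allowed ? "allow" : "deny", "(" + r.reason + ")");
}
```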