https://forums.asp.net/t/1796310.aspx?ASP+NET+form+method+post+and+get+

GET: 
1) Data is appended to the URL(QueryString)
2) Data is not secret.(Can be seen by anyone) 
3) It is a single call system 
4) Maximum data that can be sent is 256. 
5) Data transmission is faster 
6) This is the default method for many browsers

POST: 
1) Data is not appended to the URL but sent as part of Http Body.
2) Data is Secret 
3) It is a two call system. 
4) There is no Limit on the amount of data.That is characters any amount of data can be sent. 
5) Data transmission is comparatively slow. 
6) No default and should be Explicitly specified.

https://social.technet.microsoft.com/wiki/contents/articles/11697.using-method-type-postget-in-asp-net-web-form.aspx

I  will start the article from with detailed information.

Actually form has two types of in asp.net2.0.
1) Get
2) Post

When working with Get method:

  • We can access all form input variables in the next page which we mentioned in the action attribute.
  • All the submitted information is displayed in the address bar as part of the URL.
  • Url Which is not secured because values will be shown in address bar

When working with Post method:

  • we can access the variables in the page which we mentioned in the action attribute.
  • we can access those variable as shown below
  • which is more secured, variable not accessible

Now we will have small application with 2 web pages

1)       default.aspx

2)       Webform.aspx

GET:

  • I have given the value for action attribute is webform1.aspx in the default.aspx page with method type

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="WebApplication1._Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >

<head runat="server">

<title>Untitled Page</title>

</head>

<body>

<form action="webform1.aspx" method="get" >

First name: <input type="text" name="fname" /><br />

Last name: <input type="text" name="lname" /><br />

Age: <input type="text" name="age" /><br />

<input type="submit" value="Submit" />

</form>

</body>

</html>

  • Variables will be available in the address bar like below .

http://localhost:50920/webform1.aspx?fname=jhon&lname=smith&age=30

  • We can access the variables from the Address to Form using Request.QueryString[] like below.

protected void Page_Load(object sender, EventArgs e)

{

if (Request.QueryString["fname"] != null)

{

Response.Write("fname : " + Request.QueryString["fname"] + \n");

}

if (Request.QueryString["lname"] != null)

{

Response.Write("lname : " + Request.QueryString["lname"] + "");

}

}

POST:

  • Variables will be post to the next page  using Post method type

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="WebApplication1._Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >

<head runat="server">

<title>Untitled Page</title>

</head>

<body>

<form action="webform1.aspx" method="post" >

First name: <input type="text" name="fname" /><br />

Last name: <input type="text" name="lname" /><br />

Age: <input type="text" name="age" /><br />

<input type="submit" value="Submit" />

</form>

</body>

</html>

  • We cannot access the variables from the url.

http://localhost:50920/webform1.aspx

  • We can access the variables from the request. Form [].

protected void Page_Load(object sender, EventArgs e)

{

if (Request.Form["fname"] != null)

{

Response.Write("fname : " + Request.Form["fname"] + "\n");

}

if (Request.Form["lname"] != null)

{

Response.Write("lname : " + Request.Form["lname"] + "");

}

}

https://www.w3schools.com/tags/ref_httpmethods.asp

The GET Method

Note that the query string (name/value pairs) is sent in the URL of a GET request:

/test/demo_form.php?name1=value1&name2=value2

Some other notes on GET requests:

  • GET requests can be cached
  • GET requests remain in the browser history
  • GET requests can be bookmarked
  • GET requests should never be used when dealing with sensitive data
  • GET requests have length restrictions
  • GET requests should be used only to retrieve data

The POST Method

Note that the query string (name/value pairs) is sent in the HTTP message body of a POST request:

POST /test/demo_form.php HTTP/1.1
Host: w3schools.com
name1=value1&name2=value2

Some other notes on POST requests:

    • POST requests are never cached
    • POST requests do not remain in the browser history
    • POST requests cannot be bookmarked
    • POST requests have no restrictions on data length

https://security.stackexchange.com/questions/33837/get-vs-post-which-is-more-secure

POST is more secure than GET for a couple of reasons.

GET parameters are passed via URL. This means that parameters are stored in server logs, and browser history. When using GET, it makes it very easy to alter the data being submitted the the server as well, as it is right there in the address bar to play with.

The problem when comparing security between the two is that POST may deter the casual user, but will do nothing to stop someone with malicious intent. It is very easy to fake POST requests, and shouldn't be trusted outright.

The biggest security issue with GET is not malicious intent of the end-user, but by a third party sending a link to the end-user. I cannot email you a link that will force a POST request, but I most certainly can send you a link with a malicious GET request. I.E:

Click Here for the best free movies!

Edit:

I just wanted to mention that you should probably use POST for most of your data. You would only want to use GET for parameters that should be shared with others, i.e: /viewprofile.php?id=1234, /googlemaps.php?lat=xxxxxxx&lon=xxxxxxx

ASP.NET form method "post" and "get"的更多相关文章

  1. html form method 属性不支持put,delete请求方式,以及开启spring mvc的rest的方式

    1.加上隐藏域解决form method 不支持put,delete的请求方式的问题 2.配置spring mvc HiddenHttpMethodFilter过滤器实现对put和delete请求方式 ...

  2. asp.net form身份认证不定时认证失败的问题 排查

    1.网站出现form认证不定时认证失败.登陆过后 每隔一会儿就需要重新登陆.首先检查的是form身份认证票据设置的时间(正常) 然后检查加密后的身份认证信息写入的cookie的失效时间(正常) 2.这 ...

  3. Asp.Net Form验证不通过,重复登录

    问题产生根源: 当然,其实应该需要保持线上所有机器环境一致!可是,写了一个小程序.使用的是4.5,aysnc/await实在太好用了,真心不想把代码修改回去. so,动了念头,在这台服务器上装个4.5 ...

  4. Asp.net Form登陆认证的回顾学习

    asp.net网站中,我最常用的就是Form认证了,在实现登陆时,利用Form认证实现用户的访问权限,哪些页面是可以匿名登陆,哪些页面需要认证后才能访问,哪些页面不能访问等等权限.我还可在登陆时,使用 ...

  5. asp.net Form 认证【转】

    第一部分 如何运用 Form 表单认证 一.        新建一个测试项目 为了更好说明,有必要新建一个测试项目(暂且为“FormTest”吧),包含三张页面足矣(Default.aspx.Logi ...

  6. Asp.Net Form表单控件的回车默认事件

    当form表单文本框控件在收到回车事件时,默认会触发表单内第一个可提交按钮的事件,但业务中可能要求有其它控件进行提交,而不是这个默认的 这时需要脚本控件事件冒泡传递取消回事事件. $(document ...

  7. Asp.Net Form验证不通过,重复登录(.net4,4.5form验证兼容性问题)

    问题产生根源: 当然,其实应该需要保持线上所有机器环境一致!可是,写了一个小程序.使用的是4.5,aysnc/await实在太好用了,真心不想把代码修改回去. so,动了念头,在这台服务器上装个4.5 ...

  8. asp.net form 验证方式的使用(转载)

    如何运用 Form 表单认证 ASP.NET 的安全认证,共有“Windows”“Form”“Passport”“None”四种验证模式.“Windows”与“None”没有起到保护的作用,不推荐使用 ...

  9. form&method【POST~GET】

    <form.../>中method属性指定了该表单是以哪种方式提交请求,有两种方式:GET请求方式和POST请求方式,默认是GET请求方式.两种方式的区别:get方式的请求是在浏览器地址栏 ...

随机推荐

  1. Codeforces Gym 100015F Fighting for Triangles 状态压缩DP

    F Fighting for Triangles Description Andy and Ralph are playing a two-player game on a triangular bo ...

  2. UVA 11346 - Probability 数学积分

    Consider rectangular coordinate system and point L(X, Y ) which is randomly chosen among all pointsi ...

  3. java中的NIO

    使用传统的输入输出流,当读取输入流中的数据如果没有没有读到有效的数据时,程序将在此处阻塞该线程的执行(使用InputStream的read方法从流中读取数据时,如果数据源中没有数据,它也会阻塞该线程) ...

  4. C# 遍历文件夹及子目录下所有图片.

    要求:取指定目录下面的所有图片,以表格的型式展示并显示该图片的相对路径. 服务端代码: public partial class ViewIcon : System.Web.UI.Page { JAr ...

  5. HIT Software Construction Lab 3

    ​ 2019年春季学期 计算机学院<软件构造>课程 Lab 3实验报告 姓名 刘帅 学号 班号 1703008 电子邮件 1609192321@qq.com 手机号码 目录 1 实验目标概 ...

  6. 【转】C#详解值类型和引用类型区别

    通用类型系统 值类型 引用类型 值类型和引用类型在内存中的部署 1 数组 2 类型嵌套 辨明值类型和引用类型的使用场合 5 值类型和引用类型的区别小结   首先,什么是值类型,什么是引用类型? 在C# ...

  7. Ubuntu 14.04安装Skype

    Skype 4.3版本在14.04 LTS工作正常.安装步骤: $ sudo apt-get remove skype skype-bin:i386 skype:i386 $ sudo apt-get ...

  8. Linux top命令简解

    简介: top 命令是最流行的性能监视工具之一,它是一个优秀的交互式工具,用于监视性能.它提供系统整体性能,但报告进程信息才是 top 命令的长处. top 界面分为两个部份,光标上面部份显示关于系统 ...

  9. CSS3背景 制作导航菜单综合练习题

    CSS3背景 制作导航菜单综合练习题 小伙伴们,根据所学知识,使用CSS3实现下图的导航菜单效果 任务 1.制作导航圆角 提示:使用border-radius实现圆角 2.制作导航立体风格 提示:使用 ...

  10. (转载)Android项目实战(二十八):Zxing二维码实现及优化

    Android项目实战(二十八):Zxing二维码实现及优化   前言: 多年之前接触过zxing实现二维码,没想到今日项目中再此使用竟然使用的还是zxing,百度之,竟是如此牛的玩意. 当然,项目中 ...