Once you submit a form on a webpage (such as Login form, sign up form, etc.) the data you entered in each of the text fields are passed to a script (could be the same script, or another script on the same domain), and that script handles your data. The data passed to the script are usually transferred using either of the 'GET' or 'POST' methods. The main difference (in terms of their behaviour) of these two is that if the field data are passed using 'GET' method, all the variable values can be seen in the URL. To make this clear let me show you an example. Let's inspect the following link that searches a query in Bing.com:
http://www.bing.com/search?q=behnam+azizi+cgi
As you saw, after you clicked on the link, it searched the query "behnam azizi cgi" using Bing search engine. This is obviously done using 'GET' method as you can see the value of the variables passed to the script (In this case variable q has value "behnam azizi cgi". In other words q="behnam azizi cgi"). Now what the script on the server does is that it reads the value of the variable 'q' and uses the search engine to search for this query.
Of course, in my opinion, this is an advantage of Bing (As far as I know Google does not allow you to do this probably because of security issues), that you can search something using 'GET' method. One advantage that it has is that if you are working on an application and inside the application you want to allow the user to search the web, you can easily use Bing search engine (I bet Microsoft did this on purpose so at least some developers use Bing).
It is true that no one would
In the next post I will talk about post method, and (possible) ways that it could be exploited.
No comments:
Post a Comment