Many of you must be aware that a “form” element in HTML has a method attribute, most of you set it to either GET or POST. In my previous post, I explained what is a simple GET request. This time… Its POST’s turn.
There is a common knowledge, that if you want to hide the data that is submitted, you use POST. But is it that the data is really hidden? The browser is a client and the client MUST send the data to the server, in a GET request the data is sent in a query string.
Consider you have a form with two elements “name” and “sex”. Consider the first scenario where the form’s method attribute is set to GET.
form .. method=”GET” .. action=”/somepage.php”
When the user submits the data, the name-value pairs of the form elements are url-encoded and transmitted in the URL as..
The client can see this string in the Addressbar. If you want to “hide” this data, you can set the method to POST, By setting it to POST, the browser sends the data in the request header’s body.
So if the method is POST of the same form above, the request header would be as …
POST /somepage.php HTTP/1.1
The above block makes up the standard POST request header. There are two new headers that are added here
- Content-Type: This header tells the server, that the data that is accompanied in the main body is of what type. In this case it is a form data, in an url encoded fashion
- Content-Length: This header is necessary as well, as it specifies the length of the body. By giving this header, you are ensuring that the server WILL read all the data that you’ve sent in the body.
If you check the main body of the header it basically contains name-value pairs separated by an ampersand or &. If the data that is sent in the body contains an ampersand, it is urlencoded to “%26″. There are no spaces between that, I’m unable to write that sequence of charecters in this blog, which makes me do that.
As was with the GET request, the REQEUST is completed by double “returns” (\r\n)