HTTP POST Request


Many of you must be aware that a “form” element in HTML has a method attribute, most of you set it to either GET or POST. In my previous post, I explained what is a simple GET request. This time… Its POST’s turn.

There is a common knowledge, that if you want to hide the data that is submitted, you use POST. But is it that the data is really hidden? The browser is a client and the client MUST send the data to the server, in a GET request the data is sent in a query string.

Consider you have a form with two elements “name” and “sex”. Consider the first scenario where the form’s method attribute is set to GET.

form .. method=”GET” .. action=”/somepage.php”

When the user submits the data, the name-value pairs of the form elements are url-encoded and transmitted in the URL as..

/somepage.php?name=ruturajv&sex=m

The client can see this string in the Addressbar. If you want to “hide” this data, you can set the method to POST, By setting it to POST, the browser sends the data in the request header’s body.

So if the method is POST of the same form above, the request header would be as …

POST /somepage.php HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 19

name=ruturajv&sex=m

The above block makes up the standard POST request header. There are two new headers that are added here

  • Content-Type: This header tells the server, that the data that is accompanied in the main body is of what type. In this case it is a form data, in an url encoded fashion
  • Content-Length: This header is necessary as well, as it specifies the length of the body. By giving this header, you are ensuring that the server WILL read all the data that you’ve sent in the body.

If you check the main body of the header it basically contains name-value pairs separated by an ampersand or &. If the data that is sent in the body contains an ampersand, it is urlencoded to “%26″. There are no spaces between that, I’m unable to write that sequence of charecters in this blog, which makes me do that.

As was with the GET request, the REQEUST is completed by double “returns” (\r\n)

If you want to see all the browser’s behind action, you can download LiveHTTPHeaders an extension for Firefox / Mozilla

About these ads

17 Responses to “HTTP POST Request”

  1. GET / HTTP/1.1 » Blog Archive » XML-RPC, SOAP, REST Says:

    [...] Most of these Request-Response interactions are on the HTTP, yes my favourite. and since a great deal of XML is to be delivered to the Server, its the POST method that is used to send the reqeust. [...]

  2. Sean Says:

    There’s a website that lets you convert URLs to use a post instead of a get – http://www.gettopost.com/gettopost.html. It’s also got a bookmarklet that extracts values from the forms on a webpage into urls. Works really well, not sure what the implications are for webpages relying on post for web security of though…

  3. ALFONZ Says:

    Hi,

    I would like to ask some questions about the HTTP POST Request:
    1. Whether the header attributes is depend on the kind of server or settings? I mean, how could i know which attribute can be used to send a request to the server with POST method?
    2. How about the “Connection” header? For example “Connection: close” or “Connection: Keep-alive”, whats the different between them? is that influential?
    3. Can i make a PHP script without form to handle the HTTP POST request? How?

  4. ruturajv Says:

    POST uses BODY to send data, the Headers are only used to tell the server about the data its being sent, or popularly called as meta-data, data/info about data.
    eg as in the example above

    Content-Type: application/x-www-form-urlencoded
    Content-Length: 19

    This is the info that is required in the header, cause the Server passes the data to the scripting language in use.

    The Connection header is not related to the POST method, cause it describes the way the client-server connection is treated.

    in PHP you have a SUPER GLOBALS Array, $_POST . Inside this variable, which is a key value based array, has all the data posted. For more information: http://in.php.net/manual/en/reserved.variables.post.php

  5. ALFONZ Says:

    Hi, thanks for the prompt reply

    I creating program to send data to server using HTTP POST method with this code:

    POST /save.php HTTP/1.1
    Host: http://www.anything.com
    Connection: Keep-alive
    Content-length: 311
    Content-Type: text/html

    data=here is my data

    In the server side, i make a php script without form (there is no text box or submit button).
    The reply from server that seems confusing for me is some reply part says that ‘HTTP/1.1 200 OK’, but the other parts says ’501 Method Not Implemented’, like:

    HTTP/1.1 200 OK
    Date: Wed, 08 Apr 2009 05:45:56 GMT
    Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8b DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
    X-Powered-By: PHP/5.2.9
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: text/html

    501 Method Not Implemented

    Method Not Implemented
    GET to / not supported.

    Additionally, a 404 Not Found
    error was encountered while trying to use an ErrorDocument to handle the request.

    Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8b DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.xyz.com Port 80

    Is there anything wrong? from which side? is the server side (php script) or the client side? Please help

    Thanks in advance

  6. ruturajv Says:

    there are some errors …
    In ur post request I’ve highlighted what should’ve been the actual data.

    POST /save.php HTTP/1.1
    Host: anything.com
    Connection: Keep-alive
    Content-length: 311
    Content-Type: application/x-www-form-urlencoded

    Try this first, probably ur other errors will go except for the 404 Page Not found error. Make sure your path is correct

  7. ALFONZ Says:

    Hi, thanks for reply

    Answering for your highlighted suggestion, I’m sure that is the actual data, and the path is correct
    I’ve testing with different header, and i change the value for ‘Keep-alive’ to ‘Close’ in ‘Connection:’ attribute.. And there is no longer 501 and 404 errors (peculiar?), but the data still not sent..
    I also debug in my php program and i think that php script is not recognize the data which send by the request, in other words, the php script can’t read the variable…
    Here is my php script:
    $str = $_POST['data'];
    if ($str “”) { echo “data accepted $str”; } else { echo “data not accepted”; }
    Is there anything wrong?

    Thanks for your help

  8. Dickson Says:

    Hi guys, am using J2Me to POST data to IIS server on my comp. The data is encoded ans multipart. On posting, the data is visible on the debugger but the server only gets the first boundary. I cannot access the data itself. Using Jscript.
    Someone help!!
    Thanks

  9. Ruquay K Calloway Says:

    I hope that you will correct a few things in your article:
    1. encoding “&” as “&” is *not* URL encoding, but rather HTML entity encoding. You would use this to write an ampersand in your HTML, but in a URL (or in the POST body), you would use percent encoding (in this case “%26″).
    2. the purpose of POST is not just to hide the data being sent. GET and POST serve rather different functions, and should be used accordingly (GET is a ‘safe’ operation, and should not be used to change resource data on the server).

    • ruturajv Says:

      hi,

      thanks for the bug in the post :P I’ve rectified it.. I didn’t mean that POST is used for hiding variables, but its a common term devs use, so I just included so that they could have an easy ref.

      GET – used primarily for readonly operations from the Server
      POST/PUT/DELETE – used for operations on the server, that are going to change things @ the server’s end.

  10. David Says:

    Thanks for the article, I’m looking at some code at work and was not sure what a HTTP post was.

  11. HTTP Response searched Links | Swapnil Katre Says:

    […] http://ruturajv.wordpress.com/2005/12/25/http-post-request/ […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Follow

Get every new post delivered to your Inbox.

%d bloggers like this: