Many of you must be aware that a “form” element in HTML has a method attribute, most of you set it to either GET or POST. In my previous post, I explained what is a simple GET request. This time… Its POST’s turn.
There is a common knowledge, that if you want to hide the data that is submitted, you use POST. But is it that the data is really hidden? The browser is a client and the client MUST send the data to the server, in a GET request the data is sent in a query string.
Consider you have a form with two elements “name” and “sex”. Consider the first scenario where the form’s method attribute is set to GET.
form .. method=”GET” .. action=”/somepage.php”
When the user submits the data, the name-value pairs of the form elements are url-encoded and transmitted in the URL as..
/somepage.php?name=ruturajv&sex=m
The client can see this string in the Addressbar. If you want to “hide” this data, you can set the method to POST, By setting it to POST, the browser sends the data in the request header’s body.
So if the method is POST of the same form above, the request header would be as …
POST /somepage.php HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 19name=ruturajv&sex=m
The above block makes up the standard POST request header. There are two new headers that are added here
- Content-Type: This header tells the server, that the data that is accompanied in the main body is of what type. In this case it is a form data, in an url encoded fashion
- Content-Length: This header is necessary as well, as it specifies the length of the body. By giving this header, you are ensuring that the server WILL read all the data that you’ve sent in the body.
If you check the main body of the header it basically contains name-value pairs separated by an ampersand or &. If the data that is sent in the body contains an ampersand, it is urlencoded to “%26”. There are no spaces between that, I’m unable to write that sequence of charecters in this blog, which makes me do that.
As was with the GET request, the REQEUST is completed by double “returns” (\r\n)
If you want to see all the browser’s behind action, you can download LiveHTTPHeaders an extension for Firefox / Mozilla
17 replies on “HTTP POST Request”
[…] Most of these Request-Response interactions are on the HTTP, yes my favourite. and since a great deal of XML is to be delivered to the Server, its the POST method that is used to send the reqeust. […]
There’s a website that lets you convert URLs to use a post instead of a get – http://www.gettopost.com/gettopost.html. It’s also got a bookmarklet that extracts values from the forms on a webpage into urls. Works really well, not sure what the implications are for webpages relying on post for web security of though…
Hi,
I would like to ask some questions about the HTTP POST Request:
1. Whether the header attributes is depend on the kind of server or settings? I mean, how could i know which attribute can be used to send a request to the server with POST method?
2. How about the “Connection” header? For example “Connection: close” or “Connection: Keep-alive”, whats the different between them? is that influential?
3. Can i make a PHP script without form to handle the HTTP POST request? How?
POST uses BODY to send data, the Headers are only used to tell the server about the data its being sent, or popularly called as meta-data, data/info about data.
eg as in the example above
This is the info that is required in the header, cause the Server passes the data to the scripting language in use.
The Connection header is not related to the POST method, cause it describes the way the client-server connection is treated.
in PHP you have a SUPER GLOBALS Array, $_POST . Inside this variable, which is a key value based array, has all the data posted. For more information: http://in.php.net/manual/en/reserved.variables.post.php
Hi, thanks for the prompt reply
I creating program to send data to server using HTTP POST method with this code:
POST /save.php HTTP/1.1
Host: http://www.anything.com
Connection: Keep-alive
Content-length: 311
Content-Type: text/html
data=here is my data
In the server side, i make a php script without form (there is no text box or submit button).
The reply from server that seems confusing for me is some reply part says that ‘HTTP/1.1 200 OK’, but the other parts says ‘501 Method Not Implemented’, like:
HTTP/1.1 200 OK
Date: Wed, 08 Apr 2009 05:45:56 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8b DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.9
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
501 Method Not Implemented
Method Not Implemented
GET to / not supported.
Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8b DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.xyz.com Port 80
Is there anything wrong? from which side? is the server side (php script) or the client side? Please help
Thanks in advance
there are some errors …
In ur post request I’ve highlighted what should’ve been the actual data.
Try this first, probably ur other errors will go except for the 404 Page Not found error. Make sure your path is correct
Hi, thanks for reply
Answering for your highlighted suggestion, I’m sure that is the actual data, and the path is correct
I’ve testing with different header, and i change the value for ‘Keep-alive’ to ‘Close’ in ‘Connection:’ attribute.. And there is no longer 501 and 404 errors (peculiar?), but the data still not sent..
I also debug in my php program and i think that php script is not recognize the data which send by the request, in other words, the php script can’t read the variable…
Here is my php script:
$str = $_POST[‘data’];
if ($str “”) { echo “data accepted $str”; } else { echo “data not accepted”; }
Is there anything wrong?
Thanks for your help
can u just simply do print_r($_POST)
there is an error, it should be $str == “”
the body of your message must be urlencoded, so for your example message it should be:
data=here+is+my+data
Hi guys, am using J2Me to POST data to IIS server on my comp. The data is encoded ans multipart. On posting, the data is visible on the debugger but the server only gets the first boundary. I cannot access the data itself. Using Jscript.
Someone help!!
Thanks
can u check ur body? I guess the body is having incorrect boundary definitions.. just try to print it and cross-check.
I hope that you will correct a few things in your article:
1. encoding “&” as “&” is *not* URL encoding, but rather HTML entity encoding. You would use this to write an ampersand in your HTML, but in a URL (or in the POST body), you would use percent encoding (in this case “%26”).
2. the purpose of POST is not just to hide the data being sent. GET and POST serve rather different functions, and should be used accordingly (GET is a ‘safe’ operation, and should not be used to change resource data on the server).
hi,
thanks for the bug in the post 😛 I’ve rectified it.. I didn’t mean that POST is used for hiding variables, but its a common term devs use, so I just included so that they could have an easy ref.
GET – used primarily for readonly operations from the Server
POST/PUT/DELETE – used for operations on the server, that are going to change things @ the server’s end.
Thanks for the article, I’m looking at some code at work and was not sure what a HTTP post was.
POST is a type of HTTP method, if you want to know more, or have more ideas about it…
http://in.php.net/fsockopen
http://in.php.net/manual/en/function.fsockopen.php#91554
more @ http://www.javaexperience.com/get-and-post/
[…] https://ruturajv.wordpress.com/2005/12/25/http-post-request/ […]