Web Conference 2004

Writing Perl/CGI Scripts for ITS/ASET Web services

POST method

In the first two examples we used the GET method. Here is an example with the POST method.

<form method="POST" action="http://test.scripts.psu.edu/staff/j/c/jcd/useful/webcon/2004/passingdata.cgi">

What is your favorite color: <input type="text" name="color"> <input type="submit">

</form>

Notice you no longer see "?color=blue" in the URL when you submit the form. The parameters are actually passed another way to the server. Rather that be part of the URL in the HTTP header, the parameters are passed as the HTTP body in the request. The conversation looks like the following:

Browser --HTTP==> Web Server
POST /staff/j/c/jcd/useful/webcon/2004/passingdata.cgi HTTP/1.1 Host: test.scripts.psu.edu User-Agent: Mozilla/5.0 Galeon/1.2.11 (X11; Linux i686; U;) Gecko/20030417 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,/;q=0.1 Accept-Language: en-us, en;q=0.50 Accept-Encoding: gzip, deflate, compress;q=0.9 Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66 Keep-Alive: 300 Connection: keep-alive Referer: http://www.personal.psu.edu/users/j/c/jcd/useful/webcon/2004/post.html Content-Type: application/x-www-form-urlencoded Content-Length: 10 color=blue

Browser --HTTP==> Web Server

POST /staff/j/c/jcd/useful/webcon/2004/passingdata.cgi HTTP/1.1
Host: test.scripts.psu.edu
User-Agent: Mozilla/5.0 Galeon/1.2.11 (X11; Linux i686; U;) Gecko/20030417
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1
Accept-Language: en-us, en;q=0.50
Accept-Encoding: gzip, deflate, compress;q=0.9
Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.personal.psu.edu/users/j/c/jcd/useful/webcon/2004/post.html
Content-Type: application/x-www-form-urlencoded
Content-Length: 10

color=blue

The data is also passed to the CGI program differently.

Web Server Program (Apache) --STDIN==> passingdata. cgi
color=blue

The param() subroutine understands the different ways GET and POST send data, and checks both places for parameters.

Main differences between GET and POST methods

The browser sends GET parameters as part of the URL, POST in the HTTP body of the request
The server passes the GET parameters to the CGI program in the QUERY_STRING environment variable, POST parameters in the Standard Input (STDIN)
The GET parameters are seen in the Location bar of the browser when the form is submitted, POST are hidden
The GET parameters are seen in the server logs of the target server and in the server logs of any servers whose pages are linked from the target site (via the Referer header); POST are hidden
The GET parameters can be passed in a HTTP redirect, POST parameters can only be passed over a redirect if the browser supports it (I only saw a version of lynx do this)
GET parameters can be easily bookmarked/linked, POST parameters are better for sensitive data, like passwords, and for really long parameters

<- Back - More On CGI

Input and Output - Next ->

If you have any questions, feel free to ask me - mailto:jcd@psu.edu

Last update on: Sunday, 13-Jun-2004 18:34:05 EDT