1. '''Query String''' ['''''GET Method''''']
Passing variables using query string, which means the values are passed along with the URL.
http://www.example.com/page2.php?a=2&b=4&c=6
This can be achieved using one of the form method submission 'GET'.
So You can see that using GET method the values can be sent through query string, and ofcourse the key-value pairs are 'visible' to the user as well. So it is restricted to sent very sensitive data like password and other secured data from one page to another.
In page1.php
The browser divides the URL into parts and recognizes a host, then sends to that host a GET request with the rest of the URL as argument. The server takes it from there. Here the form data are restricted to ASCII codes. Special care should be taken to encode and decode other types of characters when passing them through the URL in ASCII format.
All form data filled in is visible in the URL. Moreover, it is also stored in the user's web browsing history/logs for the browser. These issues make GET method less secure.
One advantage of form data being sent as part of the URL is that one can bookmark the URLs and directly use them and completely bypass the form-filling process.Length of the URL is limited
2. '''Passing as hidden''' ['''''POST Method''''']
The above form when submitted, it calls
this URL - http://www.example.com/page2.php , in which the key-value
pairs are sent as hidden.
this URL - http://www.example.com/page2.php , in which the key-value
pairs are sent as hidden.
| GET | POST | |
|---|---|---|
| Caching/Bookmark | Can be bookmarked. | Can not bookmarked. |
| Security | Less secure. | More safer. |
| Type of data | Sent via URL string,so data can be text only(only ASCII characters) | Text as well as binary data('enctype' attribute with a value "multipart/form-data" ). |
| Data length | Limited. | Unlimited. |
| Submission | If the page is refreshed it would not prompt before the request is submitted again. | It would prompt before the request is re-submitted. |
3. Using COOKIE/SESSION
Before going into that what is the difference between cookie and session?
Cookies - piece of information that a website stores on its client machine, and can be used to keep track of your movement from page to page so you dont need to enter the information that you've already given to the site. But the thing is that, you can save only less amount of data and also storing anything sesitive in the client machine makes anyone to tamper it. So it seems insecure.
Session - which is stored in server side, more secure while using sesitive data.
Can use both the combination of cookie and session to make the website work as the way developer wanted.
== ''When and Where to use these?'' ==
In cases like validating login credentials we can use both cookie and session.
When we storing the login credentials like login username and password into cookie variable it will get stored in the browser so user do not have to re-login to the website every time he visit. That is no need to re-submit login credentials again and again.
Since it is stored in browser, the user can block cookies or delete them at any time. Problem with sessions is that when you close your browser you also lose the session.Session id created will be different each time.
Another situation arises in the case of a shopping cart.
If you are using cookie for storing cart variables and a user had their browser set to block them, then he could not shop in the website. Since the cart variables is to be updated in database, it should be set using a session.
0 comments:
Post a Comment