F.2.2- METHOD

METHOD

Using the METHOD attribute,there are two HTML techniques by which a browser can send form information backto the server: POST and GET.By default, the data will be sent to the server with the GET method.

When information is sent via a form, GETadds the data to the end of the returned URL. Once the URL/data arrives at theserver, ASP strips off the data and puts it in the Request object's QueryStringcollection.

The problem with GET is thevisibility of the data. It's easy to read the information on the address linewhen the browser displays the response page, and it's more visible to nefariousindividuals who may be sniffing the connection or examining the server logs.Furthermore, there are limits to the length of a URL +Data string (about 2K or2047 characters to be precise), so large forms may be unable to send all of thedata gathered. On the other hand, GET is usefulfor beginners, since it lets us see exactly what was sent by the form and givesus a feel for how forms actually return data. Although GETis rarely used in the real world, we'll use it in this appendix for learningpurposes.

The preferred method is POST,which puts the information into a data stream that is sent to the server andthen routed directly into the ASP Request.Form collection. By using a separatestream, the data is no longer easily visible and is not affected by the URLlength limits. The biggest disadvantage to POSTis that some firewalls watch for and delete these separate data streams.

For students, the most frequent problems result fromdisagreement in the METHOD between the form andrequest pages. There is no specific statement of the METHODin the response page: the data is sitting in either the Request.QueryString orthe Request.Form collection, depending on whether the METHODused by the form is GET or POST. If you try to gather data from the wrong placeyou'll get nothing.

The following table summarizes the differences: