File uploading using GET Method

by

GET requests may contain an entity body

RFC 2616 does not prevent an entity body as part of a GET request. This is often misunderstood because PHP muddies the waters with its poorly-named $_GET superglobal. $_GET technically has nothing to do with the HTTP GET request method — it’s nothing more than a key-value list of url-encoded parameters from the request URI query string. You can access the $_GET array even if the request was made via POST/PUT/etc. Weird, right? Not a very good abstraction, is it?

Why a GET entity body is a bad idea

So what does the spec say about the GET method … well:

In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered “safe.”

So the important thing with GET is to make sure any GET request is safe. Still, the prohibition is
only “SHOULD NOT” … technically HTTP still allows a GET requests to result in an action that isn’t
strictly based around “retrieval.”

Of course, from a semantic standpoint using a method named GET to perform an action other than
“getting” a resource doesn’t make very much sense either.

When a GET entity body is flat-out wrong

Regarding idempotence, the spec says:

Methods can also have the property of “idempotence” in that (aside from error or expiration issues)
the side-effects of N > 0 identical requests is the same as for a single request. The methods GET,
HEAD, PUT and DELETE share this property.

This means that a GET method must not have differing side-effects for multiple requests for the
same resource. So, regardless of the entity body present as part of a GET request, the side-effects
must always be the same. In layman’s terms this means that if you send a GET with an entity body
100 times the server cannot create 100 new resources. Whether sent once or 100 times the request must
have the same result. This severely limits the usefulness of the GET method for sending entity bodies.

When in doubt, always fall back to the safety/idempotence tests when evaluating the efficacy
of a method and its resulting side-effects.

More Related Contents:

  1. Is sending POST data with a GET request valid?
  2. REST API using POST instead of GET
  3. Uploading a file larger than 2GB using PHP
  4. Passing $_GET value to $_POST
  5. Is either GET or POST more secure than the other?
  6. Using cURL to upload POST data with files
  7. How are POST and GET variables handled in Python?
  8. How to instantiate a File object in JavaScript?
  9. Full Secure Image Upload Script
  10. How can I select and upload multiple files with HTML and PHP, using HTTP POST?
  11. Curl and PHP – how can I pass a json through curl by PUT,POST,GET
  12. Sending a JSON to server and retrieving a JSON in return, without JQuery
  13. How to detect that a file is being uploaded over FTP
  14. Uploading a large file in multipart using OkHttp
  15. Javascript window.open pass values using POST
  16. How to send POST and GET request?
  17. How to check if an uploaded file is an image without mime type?
  18. Html helper for
  19. How to switch from POST to GET in PHP CURL
  20. Ajax file upload
  21. PHP: $_GET and $_POST in functions?
  22. POST a file string using cURL in PHP?
  23. Postman: How to make multiple requests at the same time
  24. Can’t grab progress on http POST file upload (Android)
  25. Upload file bigger than 40MB to Google App Engine?
  26. Upload and POST file to PHP page with Java
  27. What’s the best way to create a single-file upload form using PHP?
  28. How to send an image to an api in dart/flutter?
  29. Remove selected file(s) before upload with Javascript
  30. GET parameters in the URL with CodeIgniter

Leave a Comment