FAQ : Frequently Asked Questions
FAQ Table of contents
blue line
4. Q:  When should I use method GET, and when should I use method POST in my CGIs?
A:   There are two ways you may invoke a CGI from your html.
1- When you use the anchor technique
   <A> ... </A>
you implicitly use the GET method.
2- When you use the form technique
   <form method=get/post  ... >
you may choose between the GET or the POSTmethod.
Therefore your question makes sense only for the form technique.
Your CGI's, using Mel's service program, are not sensitive to the GET or POST method, but the remote browser is.

The GET method.
The query string (the string starting by ? and containing the request parameters) is visible in the browser command line.
This is useful for testing purposes, because you can easily detect some flaw in the string.
But it is dangerous once you release your CGIs, because the user may try to alter some parameters in your request.

The POST method.
There is no way the user may see the query string, therefore the query string is more protected against undue manipulations.
Another interesting control mastered by the browser when you use the POST method, is the protection against a back page which is not in the cache: a dialog box would appear asking whether you want to re-post your previous request. An educated user, who previously submitted an order, would understand that doing this would re-enter the same order a second time, and would not go back page. If you used instead the GET method, no such dialog box would appear for a back page which is not in the cache.

In conclusion my suggestion is:
-in your forms, use the GET method to perform the test
-but, before releasing your htmls, substitute the GET with the POST method.

blue line