Earlier in this chapter, we mentioned that the Post method is preferable to the Get method and recommended that you always use Post unless you have a specific reason not to do so. The Post and Get options determine how a form's criteria is submitted to the server. The Post method sends data to the server in a single line, via the form's header. The Get method first appends the data to the URL before sending the data to the server. Consequently, you can't retrieve the data from the server using the Form collection (Request object). You can still get the data, but you must use the QueryString collection instead, which takes a bit more work. (You'll learn more about ASP's Form and QueryString collections in Chapter 13.)
Our examples rely extensively on the Form collection, so we can best illustrate this behavior by simply changing the Post method to Get in any of our scripts. (Be sure to save the change.) Then, open the page in your browser and try to execute the script. Unfortunately, the script returns an error message because the Form collection fails to return the values needed to complete the script. In addition, the URL also includes a lot of additional text . If you look closely, you'll see that the added text is simply the field names and values.
Figure 4.13 shows the URL after altering our first example script, ch4list1.asp. You might also recall that clicking the button simply displayed the text "It worked!" on the page, and that feature no longer works. Notice that the Get method concatenated script instructions to the address.
Figure 4.13: Using the Get method displays field names and values in the URL.
Since you can use either the QueryString or Form collection to send data to the server, you might think Post and Get are equivalent, but they're not. We recommend the Post method for the following reasons:
Get limits the amount of data (to about 1000 characters).
Get lets the user change the value, which probably isn't a good idea, especially if you've taken precautions (such as using specific fields and validating entries) in your script to limit entries.
Get displays your variable names in the URL. If a user doesn't know how to use the variables, exposing these values probably won't matter. However, if someone intent on breaking into your site visits, you might as well have "Hack me" stamped across your page.
There's no clear advantage to using Get-if you view a site using Get (and you'll know by the URL), you can usually assume the developer simply doesn't know how to access variables from the server using the Form collection or doesn't care to bother.
The Get option is still supported and is valid in XHTML. If you have only a small amount of data to transmit, Get transmits faster than Post. Also, if you want to invoke a server-side application without using a form (including passing parameters), you can do so using Get.