JSP programming best practice: Use the post method for form submission
Data can be sent from client to server by way of an HTML form using either the get or the post method. Servlets can handle either method properly by appropriately parsing and decoding the incoming request. In general, use of the post method is recommended for the following reasons:
- Get request data is transmitted as part of the URL string and is therefore vulnerable from a security viewpoint, unless the URL string is encoded. In contrast, post request data is sent as part of the HTTP message body and is considerably less exposed.
- Different platforms and Web servers can impose a limit on the length of the URL string, which includes the get request data.
- Get request data is restricted to the ASCII character set. In contrast, the post method, with the content type of multipart/form-data, can cover the entire ISO 10646 character set.
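
An added example of this practice (not WebSphere Commerce code): a form that posts its fields as multipart/form-data, and a servlet that reads them from the message body and refuses the same submission over get. The class name, URL pattern, field name and length limit are hypothetical, and a Servlet 3.0 or later container is assumed.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Matching form in the JSP page (hypothetical field and action names):
 *
 *   <form method="post" action="feedback" enctype="multipart/form-data"
 *         accept-charset="UTF-8">
 *     <input type="text" name="comment">
 *     <input type="submit" value="Send">
 *   </form>
 */
@WebServlet("/feedback")   // hypothetical URL pattern
@MultipartConfig           // lets getParameter() read multipart/form-data fields
public class FeedbackServlet extends HttpServlet {

    private static final int MAX_COMMENT_CHARS = 2000; // assumed limit for this example

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Set before the first parameter is read; otherwise the container default applies.
        request.setCharacterEncoding("UTF-8");

        String comment = request.getParameter("comment");
        if (comment == null || comment.isEmpty() || comment.length() > MAX_COMMENT_CHARS) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid comment");
            return;
        }

        // Respond without copying the form data into a URL (no redirect query string).
        response.setContentType("text/plain; charset=UTF-8");
        response.getWriter().println("Received " + comment.length() + " characters.");
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Refuse form data sent in the URL string; this form is accepted by post only.
        response.setHeader("Allow", "POST");
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED,
                "Submit this form with the post method");
    }
}
```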
Related reference
WebSphere Commerce JSP programming best practices