Skip to content
July 12, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Data
    • CVE Watchtower
    • Top Exploited CVEs
    • CVE Stats by Vendor
    • Q2 2026 Report
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • Technique
  • The difference between POST & GET in Ajax
  • Technique

The difference between POST & GET in Ajax

Do Son September 8, 2017 3 minutes read
ajax

Get and Post are sent to the server a request, but the sending mechanism is different.

1. GET request will be passed in the parameter with the URL , while the POST request is sent as an entity of the content of the HTTP message to the WEB server. Of course, in the Ajax request, this distinction is not visible to the user.

2. The first is “GET method to submit the data can only be up to 1024 bytes”, because GET is submitted through the URL data, then GET can submit the amount of data just like the length of the URL has a direct relationship. In fact, the URL does not exist the upper limit of the problem, HTTP protocol specification does not limit the length of the URL. This restriction is limited by the specific browser and the server. IE limits the length of the URL to 2083 bytes (2K + 35). For other browsers, such as Netscape, FireFox, etc., there is no length limit in theory, and its limitations depend on the support of the operating system. Note that this is the length of the entire URL length, not just your parameter value data length .

3. GET method The requested data is cached by the browser , so others can read the data from the browser’s history, such as account numbers and passwords. In some cases, the GET approach can cause serious security problems . The POST method is relatively easy to avoid these problems.

get the difference between the request and the post request on the server side :

4. When the client uses the get request, the server uses Request.QueryString to get the parameters, and the client uses the post request, the server uses the Request.Form to get the parameters.

The HTTP standard contains these two methods for a different purpose. POST is used to create resources, the contents of the resource will be included in the contents of the HTTP request. For example, to process an order form, add new rows to the database, and so on. When the request for no side effects (such as search), you can use the GET method; when the request for side effects (such as adding data lines), then use the POST method . A more practical question is that the GET method may produce a long URL that may exceed the limits of the URL length of some browsers and servers.

If any of the following conditions are met, the GET method is used:

  • The request is to find the resource, and the HTML form data is only used to help the search.
  • Request results without persistent side effects.
  • The total length of the collected data and the input field name within the HTML form does not exceed 1024 characters.

If any of the following conditions are met, the POST method is used:

  • The result of the request has a persistent side effect, for example, adding a new row of data in the database.
  • If you use the GET method, the data collected on the form may make the URL too long.
  • The data to be transmitted is not a 7-bit ASCII code.

 

Share this article:

Facebook Post LinkedIn Telegram
Tags: Ajax GET post

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-1207CVSS 5.4
    An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on...
    Admin intel📅 Updated: Jul 10, 2026
  • CVE-2026-48939CVSS 10.0
    A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-56291CVSS 10.0
    The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-55255CVSS 8.4
    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-48908
    A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-56290
    The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intelCISA KEV📅 Added to KEV: Jul 7, 2026📅 Updated: Jul 3, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-61447CVSS 10.0
    PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that...
  • CVE-2026-61445CVSS 9.9
    PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in...
  • CVE-2026-60090CVSS 9.8
    PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the...
  • CVE-2026-57827CVSS 10.0
    The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload...
  • CVE-2026-57828CVSS 9.0
    The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file...
  • CVE-2026-14480CVSS 9.9
    OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the...
  • CVE-2026-20744CVSS 9.8
    The charging station websocket endpoint accepts connections without proper authentication, which could...
  • CVE-2026-57807CVSS 9.8
    Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security...
  • CVE-2026-55879CVSS 9.3
    OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the...
  • CVE-2026-12761CVSS 9.8
    The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Top Exploited CVEs
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • Disclaimer
    • DCMA
    • Privacy Policy
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • CVE Watchtower
    • CVE Statistics by Vendor 2026
    • Q2 2026 Report
    • Top Exploited CVEs
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.