Interview questions for developers are by nature “trick questions”. I say this because I have seen it too many times. On one hand, the question will be a complex narrative with multiple variables and things to consider, yet the answer is clear and straight forward. And on the other hand there is a very basic questions like this one “What is the difference between GET and POST?” where given a certain context, the answer… has layers.
The first layer to this answer is that GET and POST are HTTP Methods. These two, along with PUT, PATCH and DELETE are referred to as HTTP Verbs most commonly used in RESTful APIs. Here is a brief overview:
The GET method requests a representation of the specified resource. Requests using GET should only retrieve data.
The HEAD method asks for a response identical to that of a GET request, but without the response body.
The POST method is used to submit an entity to the specified resource, often causing a change in state or side effects on the server.
The PUT method replaces all current representations of the target resource with the request payload.
The DELETE method deletes the specified resource.
At this point, once could answer this question noting the differences between GET and POST is that GET is a request for a resource and POST is used to submit “something” to a resource. This is indeed true, but very surface level. Lets dig a little deeper.
A quick search on this topic return some valuable information from a little known site on the web, StackOverflow (/sarcasm). The certified answer does confirm our first findings (GET = request, POST = submit) but also adds an interesting note:
In addition to explaining the intended uses of each method, the spec also provides at least one practical reason for why
GET should only be used to retrieve data:
Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data, because this will cause this data to be encoded in the Request-URI. Many existing servers, proxies, and user agents will log the request URI in some place where it might be visible to third parties. Servers can use POST-based form submission insteadhttps://stackoverflow.com/questions/3477333/what-is-the-difference-between-post-and-get
Here we have some new information on GET. Using GET in a form is not recommended if there is sensitive information because GET encodes the data in the Request-URI — which will appear in the serve logs and may be visible to third parties. Breaking this down, first, what is the Request-URI?
The Request-URI is a Uniform Resource Identifier and identifies the resource upon which to apply the request.https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html
I hope that clears it up! Let’s see if they have an example for us.
GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1
Ok, so it is a URL. Specifically it is the “?variable=some%20information” that you sometimes see in urls. GET submits data through the URI as a query string instead of within the body of the data. At this point I would also accept this as an answer.
Here are the takeaways:
- GET and POST are HTTP Methods.
- GET and POST are RESTful Verbs.
- GET sends a request and expects a result.
- POST sends data to be evaluated / stored.
- GET data is viewable in the URL and Logs.
As an interviewer, bonus points would be given if concepts such as input sanitization, sql injection, language specific handling (i.e. $_REQUEST in php) were brought up.
I hope this gives you (interviewer or interviewee) some clear information on what should be expected as an answer to this classic question. Let me know your thoughts on GET and POST in the comments and what interview questions you want covered.