PHP GET method - Advantages and disadvantages links & forms

We have seen that there are two methods for the user to send data to the server:

Through links that send variables, and through forms. Get method, and post method.

Let's see what criteria we should consider when choosing, if we present the user with a link or a form.

We will start with the get method.

What are its advantages?

• Coding the necessary HTML code to send a data through a get request (a link that attaches variables) is very simple, we do not need to create any form, we simply create common links, which send the necessary data when clicked by the user
• It is invisible to most users, who will believe that clicking a common link will not suspect that they are sending data to the server. Because of this "invisibility", it is likely to be used more than a form

The most common use of requests with the get method is in queries to a database, either for a search, a filtering of catalog products by categories, a keypad where the user chooses a heading or session of a site, etc.

That is to say, when that data that we will send can be in sight (and even be easily modified by a "curious" user that writes in the address bar), since it will not be used to modify data from our database, but only to show part of the public information of the site that, anyway, it would be feasible to find.

For example, a search engine:

http://www.google.com.ar/search?q=palabra

Disadvantages?

The visited addresses will be saved in the browser history. What makes it possible for a user to send again the same variable with the same value at another time.

That, added to our way of programming, could be risky if we use the links to send important data to the server, such as users and passwords.

Imagine a link that looks like this:

login.php?user=Pepe&password=secreto

This would create a serious security problem for our users if, for example, they access from a shared computer (cybercafe, work, etc.), since other users could visit the link from the browser history, and enter where they should not.

The bottom line is that we should not send important data through requests that use the get method. But we can use them to send "navigation" data, such as category codes, products, words to search, etc.