Why is it bad to pass a string array as a GET call?

Posted on 11/25/2014 7:41:46 PM


Written for a friend, but general-topic enough for a blog post.

To give you a bit of background:

The internet is just a bunch of "Requests" and "Responses."

A client (aka a web page or your javascript) makes REQUESTS to a server. That server processes the Request, does some stuff, and returns some sort of Response.

Parts of a Request.

Just like there's a basic structure to an HTML page (<head> and <body> nodes sitting in a big ol' <html> node), there is structure to an HTTP Request. As I see it, there are four main parts to a web Request:

  1. URL. This is literally a Universal Resource Locator. it is used generally as a means to hit a specific part of your web server.
  2. HTTP Verb. These verbs are used as indicators to the Server as to WHAT the server should do. I'll dive into these more later.
  3. Request headers. This is additional metadata that a Client provides a Server in order to make the Request go through. This is commonly used to pass back and forth data like usernames, passwords, API Keys, content types (whether you're giving the server JSON data or XML data, etc).
  4. Request body. This is often the fattest part of your Request, and its use is to hold the data that the server needs.

More on HTTP Verbs

The most common HTTP Verbs are GET and POST.

Without standards, the ability to communicate on the internet would become hell very quickly, so we've defined these Verbs to each have a specific action.

GET Requests

are used to simply get data. Literally. You pass a URL to the server, maybe with the ID of the record you want to grab, and it does the work. You'll get a Response of a bunch of data, one examble being a list of People in a JSON format.

POST Requests

are used to give data.

Let's say you want to turn a bunch of users to some "inactive" state. One way you could do this would be to post or give an array of UserIds that I want this action performed on. I would POST this array to the server as a Request, so it could DO things.

Typically, the Responses that I expect from a POST are a boolean indicating "things went well!" or "things went poorly :(" but it could be more complicated than that, returning an array of errors. [For example, if I post a phone number, I might get ["Phone numbers cannot be 800-numbers", "Phone number invalid"], etc

tl;dr

GETs should get data, and shouldn't do any "math." They're like printing a document. Once it's out, you can't edit the copy in the computer any more.

POSTs, by contrast, should DO things, and maybe emit a response from it.