Ever used GET and POST requests with wild abandon? Use POST requests on your forms to “hide” the URL parameters? If so, you probably don’t understand the right and wrong times to use each properly, the keys are safety and idempotency:
It’s not just about GET vs POST. There’s this other little point: the distinction between safe and idempotent.
Safe means a request doesn’t cause any side effects. A safe request just grabs data from a database and display it. Static pages, browsing source code, reading your email online — these are all “safe” requests.
Idempotent means that doing the request 10 times has the same effect as doing it once. An idempotent request might create something in a database the first time, but it won’t do it again. Or it’ll just return the reference to it the next time around.
