Lecture 22: HTTP GET & POST Requests

BMC201 - Web Technology

Mr. Prashant Kumar Nag

2026-03-17

Lecture 22

HTTP GET & POST Requests

Week 8 | Unit III: JSP & Servlets Introduction
BMC201 - Web Technology
Mr. Prashant Kumar Nag, Assistant Professor

Learning Objectives

Understand HTTP request methods
Differentiate between GET and POST requests
Implement doGet() and doPost() methods
Handle HTML form submissions
Extract request parameters
Send appropriate HTTP responses

HTTP Request Methods

Common HTTP Methods:

GET: Retrieve data from server
POST: Send data to server
PUT: Update existing resource
DELETE: Remove resource
HEAD: Get headers only
OPTIONS: Get supported methods

In servlets, we primarily use GET and POST.

HTTP Request-Response Cycle

sequenceDiagram
    participant Browser
    participant WebServer
    participant Servlet
    participant Database
    
    Browser->>WebServer: HTTP Request (GET/POST)
    WebServer->>Servlet: Forward Request
    Servlet->>Database: Query Data
    Database-->>Servlet: Return Data
    Servlet-->>WebServer: HTTP Response
    WebServer-->>Browser: Display Response

GET Method

Purpose: Request data from server

Characteristics:

Data sent in URL query string
Limited data size (~2KB)
Visible in browser address bar
Can be bookmarked
Can be cached
Not secure for sensitive data
Idempotent (same result on repeated calls)

GET Request Example

URL with Query Parameters:

http://localhost:8080/app/search?query=java&category=books

HTML Form (GET):

<form action="search" method="GET">
  <input type="text" name="query" placeholder="Search term">
  <input type="text" name="category" value="books">
  <button type="submit">Search</button>
</form>

Handling GET Requests: doGet()

@WebServlet("/search")
public class SearchServlet extends HttpServlet {
  
  protected void doGet(HttpServletRequest request,
                      HttpServletResponse response)
    throws ServletException, IOException {
    
    // Get query parameters from URL
    String query = request.getParameter("query");
    String category = request.getParameter("category");
    
    // Generate response
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    out.println("<h1>Search Results</h1>");
    out.println("<p>Query: " + query + "</p>");
    out.println("<p>Category: " + category + "</p>");
    out.close();
  }
}

When to Use GET

Search operations: Searching products, articles
Filtering data: Sort, filter options
Pagination: Page numbers in URL
Sharing links: Bookmarkable URLs
Read-only operations: No data modification
Public data: Non-sensitive information

Example URLs:

/products?category=electronics&sort=price
/articles?page=2&limit=10
/weather?city=Delhi&units=metric

POST Method

Purpose: Submit data to server

Characteristics:

Data sent in request body (hidden)
Unlimited data size
Not visible in URL
Cannot be bookmarked
Not cached
More secure than GET
Non-idempotent (may have different results)

POST Request Example

HTML Form (POST):

<form action="register" method="POST">
  <input type="text" name="username" required>
  <input type="email" name="email" required>
  <input type="password" name="password" required>
  <input type="date" name="dob">
  <button type="submit">Register</button>
</form>

Form data sent in request body, not visible in URL.

Handling POST Requests: doPost()

@WebServlet("/register")
public class RegisterServlet extends HttpServlet {
  
  protected void doPost(HttpServletRequest request,
                       HttpServletResponse response)
    throws ServletException, IOException {
    
    // Get form parameters from request body
    String username = request.getParameter("username");
    String email = request.getParameter("email");
    String password = request.getParameter("password");
    String dob = request.getParameter("dob");
    
    // Process registration (save to database)
    boolean success = saveUser(username, email, password, dob);
    
    // Send response
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    if (success) {
      out.println("<h1>Registration Successful!</h1>");
      out.println("<p>Welcome, " + username + "</p>");
    } else {
      out.println("<h1>Registration Failed</h1>");
    }
    out.close();
  }
  
  private boolean saveUser(String username, String email, 
                          String password, String dob) {
    // Database logic here
    return true;
  }
}

When to Use POST

User registration: Creating new accounts
Login forms: Authenticating users
Data submission: Creating/updating records
File uploads: Sending files to server
Sensitive data: Passwords, credit cards
Large data: No size limitations

Examples: - User registration and login - Contact form submission - Blog post creation - Order placement

GET vs POST Comparison

Feature	GET	POST
Data Location	URL query string	Request body
Visibility	Visible in URL	Hidden
Data Size	Limited (~2KB)	Unlimited
Security	Less secure	More secure
Bookmarking	Can bookmark	Cannot bookmark
Caching	Can be cached	Not cached
Browser History	Saved	Not saved
Use Case	Retrieve data	Submit data
Idempotent	Yes	No

Extracting Request Parameters

// Single parameter value
String name = request.getParameter("name");

// Multiple values for same parameter (checkboxes)
String[] hobbies = request.getParameterValues("hobby");

// All parameter names
Enumeration<String> paramNames = request.getParameterNames();

// All parameters as Map
Map<String, String[]> paramMap = request.getParameterMap();
for (Map.Entry<String, String[]> entry : paramMap.entrySet()) {
  System.out.println(entry.getKey() + ": " + 
                     Arrays.toString(entry.getValue()));
}

Handling Multiple Values (Checkboxes)

HTML Form:

<form action="preferences" method="POST">
  <input type="checkbox" name="hobby" value="coding"> Coding
  <input type="checkbox" name="hobby" value="music"> Music
  <input type="checkbox" name="hobby" value="sports"> Sports
  <button type="submit">Submit</button>
</form>

Servlet:

protected void doPost(...) {
  String[] hobbies = request.getParameterValues("hobby");
  if (hobbies != null) {
    for (String hobby : hobbies) {
      System.out.println("Hobby: " + hobby);
    }
  }
}

Request Information Methods

// HTTP method (GET, POST, etc.)
String method = request.getMethod();

// Request URI
String uri = request.getRequestURI();  // /app/login

// Query string (for GET)
String query = request.getQueryString();  // user=john&id=5

// Request URL
StringBuffer url = request.getRequestURL();

// Context path
String contextPath = request.getContextPath();  // /app

// Servlet path
String servletPath = request.getServletPath();  // /login

Response Methods

// Set content type
response.setContentType("text/html; charset=UTF-8");

// Get writer for text output
PrintWriter out = response.getWriter();

// Set HTTP status code
response.setStatus(HttpServletResponse.SC_OK);  // 200

// Redirect to another page
response.sendRedirect("success.html");

Common Content Types

// HTML page
response.setContentType("text/html");

// Plain text
response.setContentType("text/plain");

// JSON data
response.setContentType("application/json");

// XML data
response.setContentType("application/xml");

// PDF file
response.setContentType("application/pdf");

Complete Login Example

@WebServlet("/login")
public class LoginServlet extends HttpServlet {
  
  protected void doPost(HttpServletRequest request,
                       HttpServletResponse response)
    throws ServletException, IOException {
    
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    
    // Validate credentials
    if (authenticate(username, password)) {
      // Success - redirect to home
      HttpSession session = request.getSession();
      session.setAttribute("user", username);
      response.sendRedirect("home.jsp");
    } else {
      // Failure - show error
      response.setContentType("text/html");
      PrintWriter out = response.getWriter();
      out.println("<h1>Login Failed!</h1>");
      out.println("<a href='login.html'>Try Again</a>");
    }
  }
  
  private boolean authenticate(String user, String pass) {
    // Database authentication logic
    return "admin".equals(user) && "password".equals(pass);
  }
}

Redirect vs Forward

sendRedirect() - Client-side redirect

response.sendRedirect("success.jsp");

New HTTP request
URL changes in browser
Can redirect to external sites

RequestDispatcher.forward() - Server-side forward

RequestDispatcher rd = request.getRequestDispatcher("result.jsp");
rd.forward(request, response);

Same HTTP request
URL unchanged in browser
Internal forwarding only

Error Handling

protected void doPost(HttpServletRequest request,
                     HttpServletResponse response)
  throws ServletException, IOException {
  
  try {
    String age = request.getParameter("age");
    int ageValue = Integer.parseInt(age);
    // Process age
  } catch (NumberFormatException e) {
    response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
    PrintWriter out = response.getWriter();
    out.println("Invalid age format!");
  } catch (Exception e) {
    response.sendError(500, "Internal Server Error");
  }
}

HTTP Status Codes

Success (2xx)

200 OK - Request successful
201 Created - Resource created

Redirection (3xx)

301 Moved Permanently
302 Found (Temporary redirect)

Client Error (4xx)

400 Bad Request
404 Not Found
403 Forbidden

Server Error (5xx)

500 Internal Server Error
503 Service Unavailable

Complete Form to Servlet Flow

registration.html:

<form action="register" method="POST">
  <input type="text" name="username" required>
  <input type="email" name="email" required>
  <input type="password" name="password" required>
  <button type="submit">Register</button>
</form>

RegisterServlet.java:

protected void doPost(...) {
  // Extract form data
  String username = request.getParameter("username");
  String email = request.getParameter("email");
  String password = request.getParameter("password");
  // Process and respond
  response.sendRedirect("welcome.jsp");
}

Handling Both GET and POST

@WebServlet("/user")
public class UserServlet extends HttpServlet {
  
  // Show user form (GET)
  protected void doGet(HttpServletRequest request,
                      HttpServletResponse response)
    throws ServletException, IOException {
    response.setContentType("text/html");
    // Display form
  }
  
  // Process form submission (POST)
  protected void doPost(HttpServletRequest request,
                       HttpServletResponse response)
    throws ServletException, IOException {
    // Process form data
  }
}

POST-Redirect-GET Pattern

sequenceDiagram
    participant Browser
    participant Servlet
    
    Browser->>Servlet: POST /register (form data)
    Servlet->>Servlet: Process & Save Data
    Servlet-->>Browser: 302 Redirect to /success
    Browser->>Servlet: GET /success
    Servlet-->>Browser: 200 Success Page

Benefits: - Prevents duplicate submissions on page refresh - Cleaner browser history - Better user experience

Calculator Example

HTML Form:

<form action="calculate" method="POST">
  <input type="number" name="num1" required>
  <select name="operation">
    <option value="add">+</option>
    <option value="subtract">-</option>
  </select>
  <input type="number" name="num2" required>
  <button type="submit">Calculate</button>
</form>

Calculator Servlet

@WebServlet("/calculate")
public class CalculatorServlet extends HttpServlet {
  
  protected void doPost(HttpServletRequest request,
                       HttpServletResponse response)
    throws ServletException, IOException {
    
    int num1 = Integer.parseInt(request.getParameter("num1"));
    int num2 = Integer.parseInt(request.getParameter("num2"));
    String operation = request.getParameter("operation");
    
    int result = 0;
    switch(operation) {
      case "add": result = num1 + num2; break;
      case "subtract": result = num1 - num2; break;
      case "multiply": result = num1 * num2; break;
      case "divide": result = num1 / num2; break;
    }
    
    response.setContentType("text/html");
    response.getWriter().println("<h1>Result: " + result + "</h1>");
  }
}

Security Best Practices

Use POST for sensitive data (passwords, personal info)
Validate and sanitize all input
Use HTTPS for production
Protect against SQL injection
Implement CSRF tokens for forms
Encode output to prevent XSS attacks
Use parameterized queries
Never trust client-side validation alone

Input Validation Example

// Validate required parameters
if (username == null || username.trim().isEmpty()) {
  response.sendError(400, "Username is required");
  return;
}

// Validate format (email)
if (!email.matches("^[A-Za-z0-9+_.-]+@(.+)$")) {
  response.sendError(400, "Invalid email format");
  return;
}

// Validate length
if (password.length() < 8) {
  response.sendError(400, "Password must be at least 8 characters");
  return;
}

Live Classroom Demo: GET & POST

Use this interactive page during class to demonstrate:

GET and POST request differences
Form data extraction
Query parameter handling
Request/response visualization
Calculator with both methods

Open Demo: GET & POST Requests

Alternative site path: /html/demos/lecture-22-demo.html

Open app.js Source

Common Mistakes to Avoid

Using GET for sensitive data
Not validating input parameters
Forgetting to set content type
Not handling null parameters
Hardcoding URLs in redirects
Ignoring character encoding
Not closing PrintWriter
Mixing HTML and Java code excessively

Summary

GET retrieves data, POST submits data
GET: data in URL, POST: data in body
Use doGet() for GET requests
Use doPost() for POST requests
Extract parameters using request.getParameter()
Set content type before writing response
Validate all user input
Use POST for sensitive/large data

Practice Exercise

Create a Student Registration System:

HTML form with fields: name, email, program, year
Servlet to handle POST submission
Validate all fields
Display confirmation page with entered data
Add a “View All Students” GET endpoint

Bonus: Implement search functionality using GET with query parameters

Resources & References

Questions?

Next: Lecture 23 - Session Tracking & Cookies