splitforms.com
HTML · FORM ATTRIBUTE

HTML Form Method — GET vs POST explained (live demo)

The method attribute decides how a form sends its data. GET appends it to the action URL as a query string (for searches and filters); POST puts it in the request body (for contact, registration, and anything sensitive or large). Use POST for real submissions.

Updated June 2026 · The <form method> element · 12 elements in the reference

preview · html form method (get vs post)sandboxed · no key
§ 01Copy-paste codeworking · submits to a free backend
form-method.html
<form action="https://splitforms.com/api/submit" method="POST">
  <input type="hidden" name="access_key" value="YOUR_ACCESS_KEY">

  <label for="name">Name</label>
  <input type="text" id="name" name="name" required>

  <label for="email">Email</label>
  <input type="email" id="email" name="email" required>

  <input type="checkbox" name="botcheck" style="display:none">
  <button type="submit">Send</button>
</form>

Replace YOUR_ACCESS_KEY with a key from your free splitforms dashboard. The form posts to one endpoint — submissions land in your inbox and dashboard with spam filtering built in.

§ 02<form method> attributes
AttributeWhat it does
getDefault. Appends fields to the action URL as ?name=value&… — visible in the address bar, history, and server logs. Use for searches and read-only filters.
postSends fields in the request body, not the URL. Use for contact, login, payment, and any large or sensitive data.
dialogCloses a <dialog> the form is inside without submitting data anywhere.
formmethod (button)Overrides the form's method for one button, e.g. a 'Delete' button that POSTs to a different handler.
§ 03Common mistakes
⚠ gotcha

GET leaks data into URLs

GET puts every field in the URL, so emails and messages land in browser history, analytics, and referer headers. Never use GET for anything sensitive.

⚠ gotcha

GET has length limits

URLs are capped (roughly 2,000–8,000 bytes depending on the server). Long messages or file uploads can be silently truncated — POST has no such limit.

⚠ gotcha

POST still needs CSRF care

POST keeps data out of the URL but doesn't make it safe on its own. A hosted form backend handles validation and spam; for your own server, add CSRF protection.

§ 04Questions
What is the difference between GET and POST in HTML forms?
GET appends the form data to the action URL as a query string and is meant for searches and read-only requests. POST sends the data in the request body and is the correct method for contact, login, and registration forms because it keeps large or sensitive data out of the URL.
When should I use method="post"?
Use method="post" for anything that sends real user data — contact forms, sign-ups, logins, payments, and file uploads. It keeps the data out of the URL and has no practical size limit.
What does method="get" do?
It appends each field as ?name=value to the action URL. The data becomes visible in the address bar and browser history, so it should only be used for safe, read-only requests like a search box.
Which method is used for file uploads?
POST only. Files travel in the request body as multipart/form-data; GET cannot send file contents at all.
What is the default form method?
The default is GET. Because that exposes submitted data in the URL, you should explicitly set method="post" on any form that collects real information.

Make this form actually submit.

Point your form at splitforms. 500 free submissions/month, spam filtering, webhooks — no server.

Get free access key →All HTML elements