How should I choose between GET and POST methods in HTML forms?

Question

I wish to know all the pros and cons about using these two methods. In particular the implications on web security.

Thanks.

Answer 1

One gotcha I noticed the other day and it was a real "DUH!" moment for me.

We have a third party search engine on our site and they use the GET method to post the search query to their code. In addition, I had some code that looked for possible SQL injection attacks in the querystring. My code was screwing everything up because it was looking for words like "EXEC", "UPDATE", "DELETE", etc. Well, turns out the user was looking for "EXECUTIVE MBA" and my code found "EXEC" in "EXECUTIVE" and banned their IP.

Believe me, I'm not bragging about my code, just saying that choosing between GET and POST has semi-far reaching implications other than "do I want my passwords showing up in the querystring".