We know that if we pass some values via GET method we will see the value in the url during the operation. I guess that developers have created POST to make that passing of values to be invisible so make the applications more secure. If I am incorrect please correct me since I am curious about that.
So here is my question.
Is there a way that users have access to what is being sent via that POST associative array? I think maybe it might be possible since what is sent is sent from the client’s machine.
No. POST requests are designed to be non-repeatable. i.e. if you make the same request again, it isn’t a given that you’ll get the same result. It is for things such as adding a comment to a forum, placing an order or changing an address.
The data isn’t in the URI because it shouldn’t be bookmarkable or linked to.
It also allows for large amounts of data to be included and files to be attached.
Absolutely. The client is entirely under the user’s control (unless it is running on a locked down machine that the user can’t control) and can make whatever HTTP request the user wants.
The most trivial case would be for the user to use a tool such as Firebug to edit the form in the browser before submitting it.