Stock Tracker - should get be post?


I’m almost finished with all of the requirements for the stock tracker. I was curious about the liking requirements, in particular. If a user is setting a parameter to like a stock, since we’re adding something to the DB (likeAddresses and likes in my case), this should be routed through a POST route and not a GET route, correct? The requirements make it seem like everything should go through a GET route.

As of right now, the only time I’m adding something to the DB through a GET route is if the user searches for a stock that is not in the DB, in which case I verify the stock is a valid stock, then create a record of the stock in the DB.

GET can be used to send data to a server but, clearly, it is not secure since it is sent through the URL encoding. You want to avoid sensitive data in GET, like passwords, payment information. etc.