I was wondering what might be the relation between the question mark, the variable after the question mark ('show' in this case) and the way it is being passed to the GET method in PHP. Also, why don't we use POST instead of GET?
<?php
if (isset($_GET['show'])
echo $_GET['show'];
?>
<input type="submit" onClick="window.location='index.php?
show=include.inc.php'">
Oh, and the file I am working on is index.php and upon a click, it shows the content of include.inc.php.
Please help. Sorry for any stupid questions.
The question mark denotes that there is a variable to follow!
The way that the $_GET function works is by passing the variables through the URL itself! In this case, its like putting up a sign that says "Hey, show is equal to include.inc.php".
$_POST does the same, but more discreetly. Instead of passing it through the URL, it creates a little package that travels to the receiver, similar to the postal system.
I was wondering what might be the relation between the question mark, the variable after the question mark ('show' in this case) and the way it is being passed to the GET method in PHP.
The question mark indicates the start of a query string in a URL.
The URL is the only convenient place to put data in an HTTP GET request because there is no request body. An HTML form will, by default, when submitted, trigger a GET request and encode the content of the form in the query string.
PHP puts data from the query string in $_GET. It does this no matter what the HTTP request method actually was. It is a poorly named variable name ($_QUERY would be better).
why don't we use POST instead of GET?
You can't bookmark or link to a POST request.
Refreshing the page after making a POST request will prompt the browser to ask the user if they really want to resubmit the data.
In short: POST is designed for making requests which change data on the server (which don't generally make sense to repeat). GET is designed for making requests which only get data from the server (and are thus repeatable).
The code after the ? question mark is what is sent to the server in the HTTP request. (in the format: http://...URL...?key_1=value_1&key_2=value_2)
The onClick="..." code is javascript code executed when the user clicks that button in the browser.
window.location = ... is javascript code to force the browser to change the URL page to whatever it is assigned.
You can use POST instead of GET the data being sent to the server won't be as easily seen by the user in the browser, it won't become part of the URL. E.g. user can bookmark URLs with GET but not with POST data.
Related
I am working on a simple PHP site that involves needing to be able to forward a request made by the user to another page (note that I said forward, and not redirect). I am aware of how to redirect by manipulating the header variable, but I do not wish to do this, as explained below.
I am trying to write a very simple MVC-patterned mailing list app in PHP, drawing from my knowledge of the same in JSP. One of the things that I appreciated about JSP was that you could both forward or redirect a request. For my purposes, I need forward as I wish to keep the request parameters (whereas redirect will drop them).
Here is a description of what I wish to accomplish:
Retrieve input from a form (ie. /add.php)
Process the input in the page called by the form's action (ie. /process.php) and add a success message to the request object
Forward to another page (ie. /display.php) to display the success message in the request object
The only way I am aware of passing the request message to display is to add it to the request object and then access it from the forwarded page. However, the only way I have had success in transitioning to another page is through using the header method, which drops the request object (from what I can tell). I want to find a way to forward the request (object) to the new page, so that I can access the request variables from the new page.
Is there actually anyway to do this in PHP? Java's getRequestDispatcher.forward() is so nice, but I can't find an equivalent through searching. I've tried several similar questions, including the following, but I've never actually found one where both the question and the answer were what I wanted. Most of the answers seem to have something to do with cURL, but I don't want to actually retrieve a file, but simply forward a request in order to access the request object from another page.
Does PHP have an equivalent of Java's getRequestDispatcher.forward()?
Let me know if I should include anything else?
I believe you can do this with include. Before submitting the form just use, as inclusion, in main page:
include ("add.php"); - where the input forms are
after processing the information, include the display.php in the same way; using this, display.php will use same parameters from header, because is included in the same main page.
briefly: add.php, process.php and display.php will be modules for the mother page, but loaded in different state of form processing.
Hope it helps!
use curl with different method get,post. it will sent a request and also get back the response.
The most common method I see of passing messages to the end user from page to page is called session flashing.
This is when you store a variable temporarily in the session until it is read.
Assuming you already have sessions in use:
On process.php:
$_SESSION['message'] = 'Your data has been saved!';
On display.php:
if (isset($_SESSION['message'])) {
echo $_SESSION['message'];
unset($_SESSION['message']);
}
You could also store the entire Request object in the session.
So if I am aware, PHP provides just basic set of tools in this case. And there is nothing like "forward" in HTTP originally. It is just frameworks' abstraction/idea. There are two ways to achieve that: copying all params from request and doing new real HTTP request (with redirect) or internal forward: so framework would create fake request and call another controller and action without issuing a new physical HTTP request.
This question is directly related to this other question found on StackOverflow.
I have the same problem - but I'm not sure I can separate the protocol prefix as another variable, as suggested in the above question. I'm using the GET action, sent to another page where the data is used (e.g. form on index.php submits GET to search.php).
On the index page, a user can type data, including a URL, to be submitted (e.g. text field and submit button). Due to the nature of URLs, I expect to have some people who copy and paste - and thus people are likely going to include the http:// sometimes, whether I want them to or not.
If http: is included in the GET request (e.g. search.php?q=http://google.com), then I receive a 403 Forbidden error on search.php - which is where I'm running into issues.
Outside of JS, is there a way to either remove or separate the protocol prefix from a user input, if it exists, before the request is sent to search.php? E.G. After user clicks submit but before data is sent to another page?
Thanks in advance for any answers or advice you can give!
EDIT: I know I can use urlencode to encode URLs - but can that be done before the data/GET request is actually sent?
Outside of javascript? No.
However, when the data is sent to search.php, you can test for the http:// and remove it you don't want it included.
I am having a very hard time understanding the exact process of "post/redirect/get".
I have combed through this site and the web for several hours and cannot find anything other than "here's the concept".
How to understand the post/redirect/get pattern?
Wikipedia explains this so well!
The Problem
The Solution
As you may know from your research, POST-redirect-GET looks like this:
The client gets a page with a form.
The form POSTs to the server.
The server performs the action, and then redirects to another page.
The client follows the redirect.
For example, say we have this structure of the website:
/posts (shows a list of posts and a link to "add post")
/<id> (view a particular post)
/create (if requested with the GET method, returns a form posting to itself; if it's a POST request, creates the post and redirects to the /<id> endpoint)
/posts itself isn't really relevant to this particular pattern, so I'll leave it out.
/posts/<id> might be implemented like this:
Find the post with that ID in the database.
Render a template with the content of that post.
/posts/create might be implemented like this:
If the request is a GET request:
Show an empty form with the target set to itself and the method set to POST.
If the request is a POST request:
Validate the fields.
If there are invalid fields, show the form again with errors indicated.
Otherwise, if all fields are valid:
Add the post to the database.
Redirect to /posts/<id> (where <id> is returned from the call to the database)
I'll try explaining it. Maybe the different perspective does the trick for you.
With PRG the browser ends up making two requests. The first request is a POST request and is typically used to modify data. The server responds with a Location header in the response and no HTML in the body. This causes the browser to be redirected to a new URL. The browser then makes a GET request to the new URL which responds with HTML content which the browser renders.
I'll try to explain why PRG should be used. The GET method is never supposed to modify data. When a user clicks a link the browser or proxy server may return a cached response and not send the request to the server; this means the data wasn't modified when you wanted it to be modified. Also, a POST request shouldn't be used to return data because if the user wants to just get a fresh copy of the data they're forced to re-execute the request which will make the server modify the data again. This is why the browser will give you that vague dialog asking you if you are sure you want to re-send the request and possibly modify data a second time or send an e-mail a second time.
PRG is a combination of POST and GET that uses each for what they are intended to be used for.
Just so people can see a code example (this is using express):
app.post('/data', function(req, res) {
data = req.body; //do stuff with data
res.redirect('public/db.html');
});
So to clarify, it instantly refreshes the webpage and so on refresh of that webpage (e.g. if you updated an element on it) it won't repost the form data.
My code used to look like this:
app.post('/data', function(req, res) {
data = req.body;
res.sendFile('public/db.html');
});
So here the response is sending the html file at the /data address. So in the address bar, after pressing the submit button it would say for me: localhost:8080/data.
But this means that on refresh of that page, if you have just submitted the form, it will submit it again. And you don't want the same form submitted twice in your database. So redirecting it to the webpage (res.redirect) instead of sending the file (res.sendFile) , stops the resubmission of that form.
It is all a matter of concept, there is no much more to understand :
POST is for the client to send data to the server
GET is for the client to request data from the server
So, conceptually, there is no sense for the server to answer with a resource data on a POST request, that's why there is a redirection to the (usually) same resource that has been created/updated. So, if POST is successful, the server opiniates that the client would want to fetch the fresh data, thus informing it to make a GET on it.
As for the PRG model, on my web application I process data on the server and than I do a redirect by using header('Location: misc/page_done.php&message=1');
For manage the output, on my page_done.php I've a sort of select case when, due to the message variable value (1,2,3, and so on), I'll print the right output message to the user.
This by using GET to pass the variables to the redirected page. Could I pass this variables (in my example, the string message) trought POST instead of GET? Yeah, looks stupid, but just for curiosity...
No. Redirects forced in this manner can never result in a POST. Put the variable in a session if you don't want to show it in the URL.
The simple answer is no. Using header Location you can't pass things through post, only get.
I'm writing a php script that will fetch data from a given URL and then run a lot of calculations based on that data, and then output it for the user.
The web page in question is a page with an embedded iframe. The iframe contains javascript code that contains the data I need, and unfortunately, the iframe is not hosted on the same domain as the web page. So what I'm trying to do is extract the URL to the iframe from the web page (I can at least do that without hitting cross-domain restrictions), and then pass the URL to the php file, and it will load that URL, and find the information.
This raises a slight problem of the URL having lots of arguments it in already. It's shaped in the form of www.somesite.com/iframe.php?userstring=asfjkl&arg1=654&arg2=132%2C9848%2C698
The problem is that the URL already has arguments, and this will not work well for my php file, which will confuse those arguments being arguments, instead of being part of the URL when I redirect the user to my site's URL of mysite.com/test.php?URL=(string shown above). So now, I'm thinking about a POST request, but sending a POST request will not redirect the users unless I actually have a form. So my question is, if that is a viable idea, to send the URL by creating an invisible form and setting the data to the URL, then submitting it, and if cross domain submission for form is allowed. (I think it is). Any other suggestions?
Simply urlencode() the URL argument. Then everything works fine.
urlencode('http://www.example.com/blah?x=y&a=123&something=else');
// Returns http%3A%2F%2Fwww.example.com%2Fblah%3Fx%3Dy%26a%3D123%26something%3Delse