Is it possible and also is it worth doing (security talking, as a extra step, of course not as the main security thing) to send a regular html form (not ajax) to a php script but to hide the scripts url?
So for example if i have:
<form action="http://example.com/phpscript" method="post" enctype="multipart/form-data">
when the form is submited the user will be redirected to a succes page but not on the http://example.com/phpscript url (or maybe to this url but with some masking or some other ideas...).
I don't believe it's possible unfortunately.
The best you could do is send it to your php page that takes care of your form then redirect with, ie :
header("Location: index.php);
Related
I have a page with a basic form with
<form name="myform" action="submit.php" method="post">
The submit.php page just shows a loading ajax image and says, "we will take you there in one moment" and does some other stuff in the background.
The page then does a html meta redirect after some seconds to take the user to the final, off-domain page.
The data from the Form on the first page needs to be passed on to the redirecting URL. Since the form includes a password field, I don't want to append the data to the redirect URL.
Is there a way to do this?
You can simply add the form data as GET variables on your redirect URL like this:
header("Location: http://example.com?password=".$_POST['password']);
You could encrypt the data using various methods such as md5.
If you don't want to use a GET, then you'll have to use a POST, which means you'd have to use CURL to send the data to the other page, separately to your redirect.
I have an HTML 5 form page. I know the method attribute action in the form tag determines what to do once submit button his hit.
So far I have something like this: <form action="form_action.php" method="post". I know some form's in HTML5 have a required attribute, but I understand that the PHP code should also do the required checking for security purposes.
If a person hits submit, I would like the required messages to pop up on the same html5 form page rather than completely redirecting to my php code. Can someone please explain how to do this or provide references?
I read something about the superglobal _SERVER(["PHP_SELF"]) but if I use this, how do I pass variables to my PHP script? I will be doing some SQL in PHP too.
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Any help appreciated. Thanks.
If you want to process the contents of a form before they are sent to the server (e.g. on the client side), you have to do it using JavaScript, not PHP.
For an introduction on how to do that, try to google "javascript form validation" or something similar. A good starting point could be this tutorial. You may also want to look at jQuery which makes writing JavaScript easier and has become the standard way of writing JavaScript code that works in all browsers.
You could use header("Location: first_page.php") on your action.php page to redirect to your first page (eventually with some options) if the inputs are not correct.
<form action ="send.php" name ="userdetails" onsubmit="display(); return false;">
although this does perform the send.php script, it loads the send.php page and the content of the current page is lost.
I need to perform the following, once the form is submitted - an email should be sent. However the current page is not to be changed. What is the best way to accomplish this? Thank you
Setting a value for action="..." will always redirect you to a new page.
For what you want to do, AJAX is perfect. It allows you to run a PHP script without leaving the page you are on. I would check out jQuery's AJAX capabilities.
I guess my question is in understanding the $_POST handling.
So I have two pages that handle 2 forms. Page 1 asks for some information that will be used in page 2. When submitted the form action uses the same page then redirects to next page upon validation, but only handles the data when $_GET variable ?usersubmit=1.
<form action="<?=$_SERVER['PHP_SELF']?>?usersubmit=1" method="post" name="form1">
<input type="text" name="field1">
</form>
So say I have page called form1.php. Upon submit its sent to form1.php?usersubmit=1. The page now assigns the posted data to session variables and then redirects to form2.php via header('location:form2.php').
<?
if($_GET['usersubmit']){
if($_POST['field1']){
#if valid then assign session variable and redirect to next form
$_SESSION['field1'] = $_POST['field1'];
header("location:form2.php");
}else{
#if invalid send error message
$error = true;
}
}
?>
My problem is in when users hit the 'back' button on their browser to edit data from a previous form. The browser doesnt re-post this data it just shows them a blank form. I'd prefer not to use $_SESSION data to fill out the forms because I suspect the re-post method may be a quicker and less problematic fix.
I also tried a javascript redirect instead of a header but browsers are smart enough to not send you back to a page that wants to redirect you so it doesnt work.
any help in understanding this would be greatly appreciated.
thanks.
The only way to handle it is via a session... HTML5 allows for storing of that kind of data but to be honest I wouldnt even look into it as a possibility just yet, altough it does work.
typically the back button will use all of the same get and post variables as was used on the previous locations page load. server side header redirect will not allow you to use the back button to get to the previous page since this redirection is done on the server side.
there are two ways to redirect using javascript window.location which will put your previous location into the browser history and therefore the back button will work, and location.replace which will not put a link in your history, and therefore not allow you to use the back button to get to the previous page.
alternatively, you could just use page two to process page ones form...
Also, you should use htmlentities() in your code. It closes a security vulnerability (see http://www.html-form-guide.com/php-form/php-form-action-self.html for more details).
<form action="<?=$_SERVER['PHP_SELF']?>?usersubmit=1" method="post" name="form1">
should change to something like this below.
<form action="<?=htmlentities($_SERVER['PHP_SELF'])?>?usersubmit=1" method="post" name="form1">
This is my first post, so be kind ; )
I'm wanting to create a multi page form with php.
The form will spread over 3 pages, each page will need to validate on the data entered into the form on the client (using jquery validation) and if javascript is disabled, on the server, where error messages need to be displayed beside the related form field.
Upon validation, the data needs to be passed to the next page in the form, preferable using session variables.
The main problem I'm having is that most validation scripts now leave the action="" as being self referring to the current page, and as such post variables cannot be passed onto a different page in the chain of forms.
I want to have a validation script that will validate, and then post to a new page upon clicking the submit button.
Thanks
Peter
You don't have to post to the next page.
You can validate the form fields on the current page, store them in a session, then use a header("location: nextPage.php"); exit(0); redirect to go to the next page.
generally, you can do something like
<form onsubmit="return validateForm();" method="post" action="/wherever">
And this will call your javascript validation form, not submitting the form if the validation form returns false.
You will also need to do server side validation, and I suggest that you store the previous forms validated results into the session, rather than re-posting them (as these wont have to then be re-validated each time!)
You should use the post redirect pattern. Post the variables to the next page (control page), If validations pass then that page does a
header("Location: /page2.php");
after saving the posted variables to the session. If the server side validation fails, then you do a header to the page1.php with the error. pThis way you can use your back button.
I reccommend this JS validator. Very easy to use and doesn't depend on the action="" parameter at all, so you can still set it to whatever you want.