http://example.com/retrieve1.php?Grade=&School=&Team=&Students=
How do i check multiple parameters in above URL ?I am using different search filters such as (Grade, School, Team, Students). So i would like to use the values of these filters from URL. I am not sure how to approach this, I would appreciate any help.
URL: http://example.com/retrieve1.php?Grade=&School=&Team=&Students=
Two HTTP Request Methods: GET and POST
Two commonly used methods for a request-response between a client and
server are: GET and POST.
GET - Requests data from a specified resource
POST - Submits data to be processed to a specified resource For your
For your url its a GET method.
You can store the url parameter value using the GET Method.
$Grade = $_GET['Grade'];
$School= $_GET['School'];
$Team= $_GET['Team'];
$Students= $_GET['Students'];
You can also store the url parameter value using the REQUEST Method.
$Grade = $_REQUEST['Grade'];
$School= $_REQUEST['School'];
$Team= $_REQUEST['Team'];
$Students= $_REQUEST['Students'];
Note: The variables in $_REQUEST are provided to the script via the
GET, POST, and COOKIE input mechanisms and therefore could be modified
by the remote user and cannot be trusted. The presence and order of
variables listed in this array is defined according to the PHP
variables_order configuration directive.
Related
I am trying some code to get value from URL through post method and search database table for that value and get info from the database and encode it into JSON response.
Here is my code :
<?php
//open connection to mysql db
$connection = mysqli_connect("localhost","root","","json") or die("Error " . mysqli_error($connection));
if (isset($_POST['empid'])) {
$k = $_POST['empid'];
//fetch table rows from mysql db
$sql = "select `salary` from tbl_employee where `employee_id` = $k ";
} else {
//fetch table rows from mysql db
$sql = "select `salary` from tbl_employee";
}
//fetch table rows from mysql db
$result = mysqli_query($connection, $sql) or die("Error in Selecting " . mysqli_error($connection));
//create an array
$emparray = array();
while($row =mysqli_fetch_assoc($result))
{
$emparray[] = $row;
}
echo json_encode($emparray);
//close the db connection
mysqli_close($connection);
?>
I used Postman extension on Chrome and pass the values but it is not returning. Instead it is returning the else part.
Postman Screenshot
Looking at your screen shot, you have not passed body key values, instead you passed params.
Click on Body Tab and then pass key & value pair.
As per your screenshot you are sending your empid through query parameter so you need to access that as follows
<?php
if (isset($_GET['empid'])) {
echo $_GET['empid'];
}else{
// else part
}
also for that you need to Request Url in Postman using GET method.
But as you have stated that you want to send empid through POST in postman, you have to send it through form-data in Postman and access it as $_POST["empid"];. following is the screenshot for your reference
else there is another option where you can send the POST data through body as row json and access it as
$rawPostData = file_get_contents('php://input');
$jsonData = json_decode($rawPostData);
and $post will contain the raw data. And you can send it through postman as in following screenshot.
You have to set the Body to "x-www-form-urlencoded" and adding the variables to be posted
Or try this SO question, its already been answered
I replicated the code and db on my system to figure out the problem. I also added some lines of code before if (isset($_POST['empid'])) { for diagnostics sake:
$method = $_SERVER['REQUEST_METHOD'];
echo $method."<br/>";
The application file is index.php deployed in json directory inside webroot.
When I send any request to http://localhost/json directory (either POST/GET), Apache redirects the request as a GET request to index.php (as configured in my Apache config file). I assume this is what you're experiencing.
But when I send the request to http://localhost/json/index.php, the request is accurately received and processed.
Therefore, I would say the solution is that you need to specify the php file and also set the empid parameter as part of the body in Postman (not as part of the url).
I think you should also check the post if emptyif (isset($_POST['empid']) AND ($_POST['empid']) != ""). to allow php to execute the line before else.Sometimes programming becomes unpredictable.
use if(isset($_REQUEST['empid'])) to test in POSTMAN...
Then use if(isset($_POST['empid'])) to test directly from app...
have a look Issue in POSTMAN https://github.com/postmanlabs/postman-app-support/issues/391
To get the value of a variable from the URL(query string), you need to use either $_GET or $_REQUEST.$_POST represents data that is sent to the script via the HTTP POST method.
So, in your code you just need to do this :
$_REQUEST['empid'] instead of $_POST['empid']
In POST method the data is sent to the server as a package in a separate communication with the processing script. Data sent through POST method will not visible in the URL.
Confirm that in postman Content-Type should be application/x-www-form-urlencoded in request header.
Postman reference doc : https://www.getpostman.com/docs/requests
Hey it sounds like you are just needing to do a GET request to your DB.
You are more than welcome to send in variables via a GET request as well.
GET http://localhost/json?empid=3
You can then get data from your GET request like so $_GET['empid']
I suggest a GET request because I see your not actually posting any data to your server, your just handing in a variable in which you want to use to query with.
I do understand that GET requests are less secure, but in your scenario your POST just doesn't seem to want to work. So a different tack might do you justice.
If you want a value from the URL, you need to use $_GET["empid"] instead $_POST["empid"]
Submitting a form through POST method
By post method of form submission, we can send number or length of data. Sensitive information like password does not get exposed in URL by POST method, so our login forms we should use POST method to submit data. This is how we collect data submitted by POST method in PHP
$id=$_POST['id'];
$password=$_POST['password'];
Collecting data submitted by either GET or POST method
If a page is receiving a data which can come in any one of the method GET or POST then how to collect it ? Here we are not sure how to collect the data. So we will use like this.
$id=$_REQUEST['id'];
$password=$_REQUEST['password'];
Looking at the URL you are requesting, you are sending a GET value within your POST request.
http://localhost/json?empid=3
As you can see here, the url holds the empid variable and so the is send to the server as beeing a GET variable ($_GET)
Use $_GET['empid'] to access this variable, while using $_POST to access the other variables.
You could also use $_REQUEST to access both GET and POST data by the same global.
I'm trying to make a simple "request register app", so I send a variable $appUser_id via POST to a .php file that will make the storage into the database. I worked, for a while, but then it stopped working and I don't know what I changed. It makes the registration into the database but sets the appUser_id to 0, but I'm sending a number.
It doesn't throw any error but doesn't get the proper variable's value.
And sending the data with Postman for now.
newRequest.php
<?php
if($_SERVER["REQUEST_METHOD"]=="POST"){
require 'connection.php';
makeRequestRegister();
}
function makeRequestRegister()
{
global $connect;
$appUser_id = $_POST["appUser_id"];
$query = "INSERT INTO requests (appUser_id) VALUES ('$appUser_id')";
mysqli_query($connect, $query) or die (mysqli_error($connect));
mysqli_close($connect);
}
?>
Connection.php
<?php
define('hostname', 'localhost');
define('user', 'root');
define('password', 'password');
define('databaseName', 'belandri_TEII');
$connect = mysqli_connect(hostname, user, password, databaseName);
?>
Postman
DataBase
Pd: Forget about injection and that kind of protection. I don't care about that for now.
You're currently using the Headers tab but, you should be using Body tab for POST data.
Check out the following example:
If you check out the Postman documentation, you'll see there's several ways to construct the Request Body:
form-data
multipart/form-data is the default encoding a web form uses to transfer data. This simulates filling a form on a website, and submitting it. The form-data editor lets you set key/value pairs (using the key-value editor) for your data. You can attach files to a key as well. Do note that due to restrictions of the HTML5 spec, files are not stored in history or collections. You would have to select the file again at the time of sending a request.
urlencoded
This encoding is the same as the one used in URL parameters. You just need to enter key/value pairs and Postman will encode the keys and values properly. Note that you can not upload files through this encoding mode. There might be some confusion between form-data and urlencoded so make sure to check with your API first.
raw
A raw request can contain anything. Postman doesn't touch the string entered in the raw editor except replacing environment variables. Whatever you put in the text area gets sent with the request. The raw editor lets you set the formatting type along with the correct header that you should send with the raw body. You can set the Content-Type header manually as well. Normally, you would be sending XML or JSON data here.
binary
binary data allows you to send things which you can not enter in Postman. For example, image, audio or video files. You can send text files as well. As mentioned earlier in the form-data section, you would have to reattach a file if you are loading a request through the history or the collection.
Looks like you may be sending that post variable in the headers. Use the body tab instead.
You are passing the $appUser_id as a string in the query, you don't need to put single quotes around the variable since double quotes evaluate vars inside. You can do:
$query = "INSERT INTO requests (appUser_id) VALUES ($appUser_id)";
Or
$query = "INSERT INTO requests (appUser_id) VALUES (".$appUser_id.")";
i came across to a kind of dilemma when working on my project in Zend Framework.
When we submit a form, we get the values like this:
$post = $this->_request->getParams();
this will basically capture all the names in a form that is submitted and i can reach the single name value like this:
$key= $post['key'];
And the confusion comes in here when there is a variable value coming from URL, such as:
http://www.mydomain.com/contoller/key/11
so i was to capture the key value from the url i can get it like this again:
$post = $this->_request->getParams();
$key=$post['key'];
My question, how can i differentiate that if this value is coming from URL or from a form?
Or If there is a more secure/reliable way to do this, what would it be?
Thank you
To isolate POST data, simply use
$postData = $this->getRequest()->getPost();
You can also retrieve a single value using
$key = $this->getRequest()->getPost('key');
See http://framework.zend.com/manual/1.12/en/zend.controller.request.html#zend.controller.request.http.dataacess
Although question is about ZF1 but every time I search in google this question comes up for zf2 as well.
So if you wish to get Post types in ZF2 such as GET, POST, DELETE, PUT
You can use following within controller.
$this->request->getMethod(); //return submit type i.e. GET, POST, DELETE, PUT
or
$this->getRequest()->getMethod(); //return submit type i.e. GET, POST, DELETE, PUT
https://zf2.readthedocs.org/en/release-2.2.0/modules/zend.http.request.html
https://zf2.readthedocs.org/en/latest/modules/zend.http.request.html
I am new to PHP.
I need a help regarding the methods of extracting DB name and table name from the given URL name.
For example, let's say, I have an URL like the one below:
/test.php?db=...&table=.../
How to extract the DB name and table name from this URL using PHP and use the result for other query purposes.
If you mean how to parse an existing URL for it's parameters:
parse_url() and parse_str() will help you strip the components of the url. You will primarily be looking at the following
$elements = parse_url($url);
$kvps = $elements->query;
$db = parse_str($kvps['db']);
$table = parse_str($kvps['table']);
But, if you mean how to GET variables from the current page before render:
<?php
$dbname = $_GET['db'];
$tablename = $_GET['table'];
?>
And yea, there are major security risks involved in opening up 'direct' access to your database this way. Best to obfuscate / encapsulate / wrap your functions in tasks like index.php&addUser=tim instead of index.php&insert=tim&db=boofar&table=users&dbuser=root&dbpassword=secure.
If you're just learning, what you're doing is fine, as long as you realize why it's wrong. If you're coding for production, you really need an alternate solution.
There are two ways to pass variables or data to another page.
GET (via the URL)
and
POST (usually a form submission)
You can alway get via
$_GET
http://php.net/manual/en/reserved.variables.get.php
or
$_POST
http://nl.php.net/manual/en/reserved.variables.post.php
If the incoming PHP possible requests can be the following
1)http://wwww.test.com/api.php?device_id=xxxx&user_name=xxxx&pass_word=xxxx&num_request=xxxx&num_site=xxxx;
how do I extract the user_name field from the above in my api.php code?
Those values are passed via a standard GET request accessible like this:
$deviceid = $_GET['device_id'];
Be aware that this value is unsanitized and open to modification from the user which could ultimately end up with SQL injection depending on your usage of the value.
You can use the $_GET superglobal to acess querystring values
$user_name = $_GET['user_name'];