How can I hide the PHP GET parameters from a URL?
Here is how the URL looks like
../iar7.php?size1=&size=TURF&R3=R3&txtsize=&txttreadd=&small=&large=&smallsw=&largesw=&smallrc=&largerc=&scc=&lcc=&2t1=&2t2o=&2t3o=&2t1=1.36&2t2=1&2t3=5
I want to show only ../iar7.php.
Since you're using a GET, all your payload will be shown as query params. If you would like to hide them perhaps try using a POST instead.
You can read up on some of the differences between the methods here.
If you are using forms, your html form would look like this:
<form method='post' action='/someurl'>
...
As already said before, there are two methods to send data: using GET (which is encoded in the URL), or using POST which means the data is sended as additional payload in the HTTP request. You cannot hide the URL parameters from the GET request method, simply because it is the way GET is supposed to work.
You can do this by specifying this in your <form> tag in the HTML source code:
<form action='the.url.com/path/file.php' method='post'>
<!-- ... -->
</form>
Furthermore I want to add that you have to note that in order to process the data in your PHP file, you will have to call $_POST instead of $_GET.
Related
I have a search form, and the submit button looks like this:
<input type="submit" name="search_submit" value="Go"/>
I handle this form using the following php:
if (isset($_GET['search_submit'])) {
do blah
}
Works fine. But my url then includes &search_submit=Go. I do not want that to show up.
I know that to fix this, I need to remove the name attribute from my the forms input line.
But then my php no longer works and I'm not sure how to change it to handle the form. I tried changing it to:
if (isset($_GET['submit']))
and
if (isset($_GET['Go']))
But they did not work either. If anyone can help me with an answer, it would be awesome.
You cannot remove the name of the input element, as PHP would not know which value to look for. If you want to completely hide the string after the URL, use the request method POST instead of GET:
<form action='myscript.php' method='POST'>
<input type="submit" name="search_submit" value="Go"/>
</form>
Your PHP will use the following:
$_POST['search_submit']; // Instead of $_GET['search_submit'];
A good answer to when to use GET and POST can be found here.
edit: If you just want to not have the button show up in the URL, but everything else should still be there (according to your comment), you can simply remove both the value and name of the submit button.
Instead of looking for search_submit to be set, you can look for the other values:
if (isset($_GET['username'], $_GET['password'])) {
// Do your stuff here
}
If you don't want to show string in the URL, you can use the POST method. The main difference between GET and POST are listed below as :
GET:
Parameters remain in browser history because they are part of the URL
Can be bookmarked.
GET method should not be used when sending
passwords or other sensitive information.
7607 character maximum
size.
Url example: new.php?category=sport
POST:
Parameters are not saved in browser history.
Can not be bookmarked.
POST method used when sending passwords or other
sensitive information.
8 Mb max size for the POST method.
URL example: new.php
Sample Code :
if (isset($_POST["search_submit"])) {
do blah
}
If the submit button doesn't have a name, then it won't be a successful control and won't appear in the submitted data at all.
Test for the presence of data from some other field in the form instead.
I am working on a project where i need to access clean URL's always i.e no parameters can be passed in the URL for getting values on another page.
Can anyone please suggest an alternative other than 'Form Submit' method.
Thanks In Advance.
Use $_SESSION for this purpose.
Using $_SESSION you can use variable in multiple pages wherever you want.
// assigning variable
$_SESSION['name']="variable";
//retrieving
echo $_SESSION['name'];
write session_start() at the top of page wherever you want $_SESSION variable
For Clean URL's i prefer you may use HTTP POST Method. Hope that helps.
<form name="frmApp" method="POST" action="/action.php">
</form>
Else, you can use AJAX with jQuery to submit the values to another page.
$.ajax({url:"action.php",success:function(result){
$("div").html(result);
}});
Check out w3schools to get started with AJAX : http://www.w3schools.com/jquery/jquery_ajax.asp
No support for SESSION since i don't like writing php code inside my web page.
Sessions can help, or ajax call.
for using clean url you can use post method in form
<form name='' method='POST' action=''>
You can try mapping resources to the url.
Suppose you want to get mailing address of a customer then you can write.
http://[baseurl]/[customerId]/mailingaddress.
Read more here
i m getting confuse taking to that question why all variable names and values not show in url when we use method "post" in HTML forms.
i hope my question is clear.
That is because POST requests include variables to message body and not URL. See this: http://www.cs.tut.fi/~jkorpela/forms/methods.html (Methods GET and POST in HTML forms - what's the difference? )
Only GET methods show the variable names and values in the URL, not POST methods
When you are using POST method than all the data like your variable name,variable value, cookie is send to server in Request body,
so you cant see that parameter while using POST.
GET and POST methods are two different way to exchange data between server and client.
GET - retrieve data from URL (Eg: http://domain.com/index.php?var1=val1&var2=val2)
echo $_GET['var1']; (will return `val1`) and so on
POST - collect values in a HTML form with method="post", data send with curl with the same method, and so on.
<input name="username" />
echo $_POST['username'];
Use this like example, the actual content is more complex.
I've never really thought about this, but it helps with some security of something I'm currently working on. Is it possible to submit GET data without an actual input field, and instead just getting it from the URL?
If so, how would I go about doing this? It kind of makes sense that it should be possible, but at the same time it makes no sense at all.
Perhaps I've been awake too long and need some rest. But I'd like to finish this project a bit more first, so any help you can offer would be appreciated. Thanks
Yes. If you add some query-string to yourl url, you can obtain that in php using $_GET without form submitting.
Going to this URL adress http://yoururl/test.php?foo=bar cause echoing foo (if there will be no foo query string, you'll get warning).
# test.php
echo $_GET['foo'] # => bar
Is this what you mean?
Link
// page.php
echo $_GET['type']; // foobar
This is what I understand of your question:
You have a <form method="get" action="foo.php">-like tag on your page
You have a series of <input type="text" name="bar"/> in your page
You want to pass additional GET parameters that are not based on an input from the form
If so, it is possible, but I hardly see how it could help with security. Input from a client cannot be trusted, so even if you hardcode the GET value, you have to check it serverside against SQL injection, HTML injection/XSS, and whatnot.
You have two ways:
Use a hidden input: <input type="hidden" name="myHiddenGetValue" value="foobar"/>
Add the GET parameter to the form action: <form method="get" action="foo.php?myHardcodedGetValue=foobar">
If what you meant is that you want to have a GET request without a form, you just need to pass all the GET parameters to the href of a link:
Click here!
Yes it's possible. Just append the GET data to the link.
For example:
<a href="main.htm?testGet=1&pageNo=54>Test</a>
You can also use Javascript to build the url.
If you happen to be using jQuery and want to build the GET data dynamically you can do this:
var getParams = { testGet:1, pageNo:54 };
$(".myLink").attr("href", url + "?" + $.param(getParams));
Let's say I have a page called display.php and the user is viewing display.php?page=3. I want to allow the user to do an action like voting via a POST request and then bring them back to the page they were on. So, If I do a POST request to display.php?page=3 would the page information also be available to the script?
The simple answer is 'yes'. You can use a GET-style URL as the submission URL for a POST form. PHP will have both the POST and GET information available to it in the usual ways when the form is submitted.
This is not to say that you should do this, but it will work.
In PHP, you can get request variables from the special global arrays:
$_GET['page'] (for GET requests)
$_POST['page'] (for POST requests)
$_REQUEST['page'] (for either)
It sounds like you are looking for "Redirect after Post", I would suggest separating display.php and vote.php into separate files. Vote looks something like this:
<?php
//vote.php
$page_number = (int)$_REQUEST['page'];
vote_for_page($page_number); //your voting logic
header('Location: display.php?page=' . $page_number); //return to display.php
Note that blindly accepting unsanitized form data can be hazardous to your app.
Edit: Some folks consider it bad form to use $_REQUEST to handle both cases. The hazard is that you may want to signal an error if you receive a GET when you expect a POST. Typically GET is reserved for viewing and POST is reserved for making changes (create/update/delete operations). Whether this is really a problem depends on your application.
Yes, the GET array is always filled with the URL parameters regardless of the request method. You can try it with a simple page like this:
<form action="test.php?a=b" method="post">
<input name="a"/>
<input type="submit"/>
</form>
<pre>
POST:
<?php print_r($_POST); ?>
GET:
<?php print_r($_GET); ?>
</pre>