Is it good practice to use form post to send data to other pages versus just html link ($_GET) method.
Say if i have page users.php with all users of the site listed then i want to to page user_details.php that lists details about particular user - i can do it two ways.
Details
or
<form action="user_details.php" method="post">
<input type="hidden" name="user_id" value="742" />
<input type="button" name="nothing" value="User Details" />
</form>
or i could have code load every time that will put $_POST data into $_SESSION then on page user_details.php check user_id in $_SESSION is that even better security practice?
EDIT: This site requires authentication before they can see anything.
There only about 10 pages for admin total so i dont think they need to bookmark it.
For web applications, to me, the basic guideline is:
use GET for cases where you are not going to be modifying data (READ only)
use POST for cases where you are modifying data (WRITE/UPDATE only)
use POST for cases where you need to validate some data in order to return a variable result type (i.e. logins, contact forms, etc. where based on the data being sent, the behavior of the page returned can vary)
For typical web applications, there is also a consideration for whether you want a page/resource to be navigable with the data configuration. In other words, do you want someone to be able to bookmark that page and see that same exact data representation (a data read). If so, use GET.
This also falls nicely in line with REST paradigms where the following HTTP actions are typically supported:
GET -> read specified resources
POST -> create a new data element on data resource
PUT -> update an existing data element on resource
DELETE -> delete an existing data element on resource
One major benefit of using $_GET for this is that it allows your users to bookmark the url, essentially link to it instead of forcing the user to complete a form. If you use $_POST this isn't possible.
Using a querystring for this, however, isn't the most user friendly when it comes to URLs. It would be better to use some sort of pretty url structure like Wordpress does or Stackoverflow does for user pages. This can be done by editing your .htaccess file on your server.
Related
Question about GET and POST in PHP. i wonder what is the difference between POST and GET and when do you use them respectively?
so as far from i tried, GET can also show the data in the link.
for example, the name of my link is Localhost/index.php then inside my php file is an input box and a submit button. if for example i use GET, if i click the submit button, it will take the data i put in inputbox(for example, name) and add it to the link. so the link now is Localhost/index.php/?name=Tina i think this is how GET works. but if i use POST, it will not show the input data in the link and it will remain Localhost/index.php. (atleast, from what i practice)
i wonder what are other differences between the two and when they should be use? for example im making a website(ex: sign up website) that will take information and send it to a database in MySQL..or the webpage should carry over the from this webpage to another webpage. should i use GET or POST?
You are kind of overthinking it. It is as simple as:
POST - used to post(send) data to the database.
GET - used to get(fetch) data from the database.
So in the case of the form, what you need to do is a POST request, so you send the data to MySQL. And in order to retrieve that data, you will perform a GET request.
See this https://www.geeksforgeeks.org/http-get-post-methods-php/ for a comprehensive explanation.
Keeping it very short:
You never-ever should pass any sensitive information over GET method, because it's visible by logs, by your internet provider/router, third parties.. such as google analytics and more.
A common use of GET is when you allow users to change the parameters of a page they see.. i.e. search parameters or the number of products per page.
POST when you want to send information to the server "privately" and (preferably) with a nonce to make it sendable only once.
But regardless of a method - POST or GET - sanitise, sanitise, sanitise.. that is what you need to really worry about. User input should not be accepted as is when you receive it, kinda #1 rule on the internet.
I'm trying to make an app on Android that send an URI that auto-populate the "RFC Emisor" and "RFC Receptor" of this web page:
https://verificacfdi.facturaelectronica.sat.gob.mx, if I'm correct those two inputs have the id of:
ctl00_MainContent_TxtRfcEmisor
ctl00_MainContent_TxtRfcReceptor
I already tried this but it didn't work:
https://verificacfdi.facturaelectronica.sat.gob.mx/&ctl00_MainContent_TxtRfcEmisor=123456789&ctl00_MainContent_TxtRfcReceptor=123456789
there is a way to achieve what I want?
The short answer is no. The browser won't automatically detect the URL parameter and pre-populate any form fields. A back-end PHP / ASP.NET page can read the value from the request and generate the HTML fields with the specified values. Alternatively, the page could use JavaScript to set the field values when the document finishes loading.
But all of this depends on changes to the target web page. If you do not have the ability to modify that page, I'm afraid there's very little you could do.
You might be able to duplicate the form on your own page, and send the form data to the target—effectively bypassing the form on the other page and 'faking' your own, but if the target system does some kind of validation to prevent posting forms across domain names, this probably won't work either. You may have create the form and process it yourself, replicating the entire form interaction programmatically when a user submits a form to your server. In any case, none of these options are particularly graceful.
A very basic question. I have a form in one file form.php, I post it to another file processForm.php which does the server-side validation and processing. I am not using any framework.
Now, in case of form validation failure, I need to display the form again with all the values prefilled, without using a javascript history.back() from the processForm.php. What is the clean and proper way to do this so that I have all the posted values available again in form.php and can prefill them?
This is easy if the form submission happens to the same page, but this is how I got this and I cannot make the submission into the same page. So what would you do? Store the values in session? Curl post? Send the values using GET to form.php?
Why or why not? Please mention pros and cons.
Go read up on the MVC pattern.
You can't implement an interactive program without implementing a model, a view and a controller - the point is that your code should be structured to implement each of the three concerns as a single entity, be that as functions (or function trees), classes (or class trees) or files. And the three components within the pattern should be structurally grouped.
So if you want to the user to arrive at (say) second page after successfully filling in a form at first page, but to stay on first page when the form fails the validation, then a simple way to implement this would be to have first page implement the model view and controller, i.e. to both populate/generate the form and be the target for the form. Then if it receives a valid request sent from the form, send a redirect to second page.
This avoids the need for each page to load and process the MVC code for the preceding page as well as the current one - although that approach reduces the number of round trips to the browser which can help with performance.
NB using POST does not preclude the use of variables in the URL - indeed, I recommend using GET variables to indicate the data you wish to manipulate and POST variables to show how they should be manipulated.
I want to transfer a data from one webpage to another page. But I don't want to use the <form method="post"> tag because there are no forms in my webpage. Just some sensitive data is there which needs to be transferred to other page.
Please answer the following questions:
What are the ways to transfer data from one page to another?
What are the ways to transfer data from one page to another without using <form> tag in HTML?
How can another PHP (or ASP) page can read the data which was sent to it by another page?
I don't want to use the <form method="post"> tag because there are no forms in my webpage
That is not a good reason to avoid using a form. You can add one.
What are the ways to transfer data from one page to another?
Through the URI (in a query string)
As part of the request body (a POST request)
Via cookies (which you can set with JS)
Via various local storage systems
Use a query string if the data needs to be bookmarkable. Use a POST request (with a form) if it makes changes on the server (e.g. adds or edits a database entry). Use a cookie (preferably set via HTTP after using methods 1 or 2) if the data needs to persist throughout the site. Use local storage for web applications that need to function offline.
What are the ways to transfer data from one page to another without using tag in HTML?
As above, but discount post requests (unless you make them using JavaScript and XMLHttpRequest).
How can another PHP (or ASP) page can read the data which was sent to it by another page?
With local storage, it can't. All the other data is available through the server environment ($_POST, $_GET and $_COOKIE in PHP, for example).
You could use a hidden input i.e. <input name="secret" type="hidden" value="superSecretData" />
You could create a random element which contains the data i.e. <div style="display: none">SuperSecretData</div>
3a. In the case of the former in php it would just be a matter of accessing $_POST['secret']
3b. In the case of the later you would need to use javascript of something of that sort to take the random element and send it along with the page.
Hope this helps
1.) EasyXDM using postMessage if available, hash tags, or flash
2.) same as 1
3.) again you can use EasyXDM
if you open the other page with window.open or similar, or iframes
I'm trying to build a sort of resource allocation form. I'd like to be able to print a table from a database, and then allow users to click on each cell that they would like to reserve. Also, being able to drag and select multiple cells. Then send all of this via $_POST to another php script.
Problem is, I have no idea where to start.
Any suggestions?
The first and most critical thing you're going to need from what you described is a bunch of hidden fields to store the information you're interested in. You would have to write javascript code on the client side to store the users interaction with your page into these hidden fields.
To receive data via POST, you will need <input type="hidden" name"some_field"> for every bit of data you wish to "know" about that was changed on your page. Table information is not transmitted in a POST operation if it's just text, so you can't see the layout of the modified table on post back to the server.
If you don't have to POST this data to another form, it is probably a better idea to make callbacks via XMLHTTPREQUEST as the user interacts with your page, but I don't know the requirements of what you're trying to do.
I wrote one for my school recently; the trick is to either use buttons/links or addEventListener the cells to JavaScript. If you want the source code to my app, download this zip file:
http://azabani.com/files/busbook.zip
Edit:
My system works in the following way:
addEventListener to cell clicks, calling book()
book() then sets location to book.php
book.php does the database work
book.php sets the location header to immediately go back to the viewer
The system knows which week view to go back to based on session variables.