I am facing problem with Query String in one of my Joomla Project.
I have video section in my project and also showing top video on home page. so when I link to detail page I am passing id of video. but here my client does not want to show id in string and its also cause some security problem.
So is there any solution to hide that ID from Query string?
Thanks in advance.!
You can do two things to make this work as your client want.
Encrypt the link data and send. At the PHP end decry-pt and use them.
When user click on the link user use a form submission. Pass the value as hidden fields. Using POST method is secure than the GET method. Here also you can encrypt the values you send.
Related
Question about GET and POST in PHP. i wonder what is the difference between POST and GET and when do you use them respectively?
so as far from i tried, GET can also show the data in the link.
for example, the name of my link is Localhost/index.php then inside my php file is an input box and a submit button. if for example i use GET, if i click the submit button, it will take the data i put in inputbox(for example, name) and add it to the link. so the link now is Localhost/index.php/?name=Tina i think this is how GET works. but if i use POST, it will not show the input data in the link and it will remain Localhost/index.php. (atleast, from what i practice)
i wonder what are other differences between the two and when they should be use? for example im making a website(ex: sign up website) that will take information and send it to a database in MySQL..or the webpage should carry over the from this webpage to another webpage. should i use GET or POST?
You are kind of overthinking it. It is as simple as:
POST - used to post(send) data to the database.
GET - used to get(fetch) data from the database.
So in the case of the form, what you need to do is a POST request, so you send the data to MySQL. And in order to retrieve that data, you will perform a GET request.
See this https://www.geeksforgeeks.org/http-get-post-methods-php/ for a comprehensive explanation.
Keeping it very short:
You never-ever should pass any sensitive information over GET method, because it's visible by logs, by your internet provider/router, third parties.. such as google analytics and more.
A common use of GET is when you allow users to change the parameters of a page they see.. i.e. search parameters or the number of products per page.
POST when you want to send information to the server "privately" and (preferably) with a nonce to make it sendable only once.
But regardless of a method - POST or GET - sanitise, sanitise, sanitise.. that is what you need to really worry about. User input should not be accepted as is when you receive it, kinda #1 rule on the internet.
So, I'm trying to make a template type page that when a user clicks a product link, it takes them to the page and the php script auto-fills the page with the product info in the placeholders. The problem I'm having is I don't know how to make the product picture a link to the template page AND carry over a post method to let the php script know which product data to pull from the prelaoded array that I filled with product data from the php sql query. Any ideas?
Since you're mentioning anchors, that is a bad idea. They are usually encoded in the URL behind the hash sign (#) and not sent to the server.
So, one way to do it, is to either include the relevant data in the form content, e.g. in a hidden field.
Or another way would be to append it as a query parameter to the URL.
Hope that helps, and not taking security into account (e.g. both methods make it easy to perform SQL injection, or the parameters could be used to display something you don't want the user to select because it's out of stock, etc. pp.)!
since you're mentioning anchors with post, in my opinion this is not possible but one way to do it, is that using jquery and ajax.
see below link:
you can find the answer here
I am fairly new to using PHP so bear with me if this is a stupid question
I have a form that comprises a number of radio buttons, the action is set to redirect to the same page and the method is GET.
A click on a radio button gets data from the database. The data is used to redisplay the same page with changed content.
The page URL has PHP arguments in it like the example below
localhost/basesite/mypage.php?itemID=8&name=city&number=9
When I access the page and click on a radio button I get a page with “no arg” because the URL reads
localhost/basesite/mypage.php?number=6
Two of the arguments are missing and that the last one is incorrect.
With no change whatsoever to the code except using ”post’ instead of “get” the whole thing works flawlessly.
I have used
form action= "" method=“get”
form action= “#” method=“get”
and many other actions using $_SERVER["REQUEST_URI”], $_SERVER['QUERY_STRING'] etc and combinations thereof.
Those that worked with POST did not work with GET.
I do not need to use POST as data is not written only retrieved from the database so I have no worry about data being written more than once.
If I have to I will use POST but if the user refreshes or uses the back button then the usual warnings will be issued by the browser.
What am I missing?
you should you use $.get which is a jquery method.
First, you should share your full source code for better understanding your problem. And also you have to use post method to submit a radio button values to get some value from your database. Form data can be submitted using these two methods (get and post). Both are used for the same purpose, but stands apart under some specifications. As in GET method key values are passed in the Url while in POST, the information transfers in a hidden manner.
Sorry folks. It was a badly formed URL due to me not fully understanding how to set a hidden element.
I just setup some pagination for a search, and the search uses POST variables to define what to search for etc. In my URL I can set the pagination offset like this search/OFFSET, and my links in the pagination link there correctly. However, when I click a link all POST variables vanish even if I explicitly set them so I can use them in the next script. I'm using codeigniter and I have GET turned off and really don't want to store these 5-6 values in a session since then it will get all clumsy.
Does clicking a link fully reload the page and delete POST variables?
Thanks
Yes, clicking a link creates a GET request so wouldn't keep any of the POST data. Although it's technically possible to do so with javascript, that's a bad idea.
This is an entirely appropriate use of GET, please read this fuller explanation.
Yes, clicking a link removes all the POST variables.
Do you have access to change your php page that receives the request? You might want to adjust your variables there to accept either GET or POST:
$defaultvalue='';//change this to '' or NULL or whatever you want
$searchQuery = (isset($_POST['s']) ? $_POST['s'] : (isset($_GET['s'])?$_GET['s']: $defaultvalue));
Then your php page will be better equipped to handle either GET or POST
POST data will only be present during the original request (i.e. it does not persist between requests). If you want data to persist, use sessions. However, it is common practice to use GET for search queries and pages.
You could use an incredibly ugly workaround and set a form full of hidden fields to submit when you click a link. I really wouldn't recommended it though.
You should be able to create a form that submits some set of post variables to the action parameter with the get variables. So the form should submit a post request to http://www.somedomain.com/FormSubmit.php?pag=1&sort=asc This would submit the post values of that form along with the get values of the string. If you can change your link to a form button, you should be good to go.
I have a form that uses XML to get results. From those results users can click to a detail page. My problem is when a user clicks back to the results page, they are asked if they want to submit the form again. How do I create this so back button just displays the results, like on aa.com, ebay, autotrader, etc.
Thanks!
When you submit your page move the $_POST variables into the $_SESSION array and then header redirect the user to the results page.
You should redirect to another page to using redirect() method of codeigniter. This will prevent the browser asking a confirmation on form submission.
Is it just a search page that displays results? Why not use GET rather than POST in your form? Looking at search engines out there, they seem to use GET for their search interface. I can think of a few reasons to use GET rather than POST.
If the operation simply fetches results, semantically, the GET method is more appropriate. GET is used when you are fetching data. POST is more used when you are submitting a change to the application.
If you use GET, clicking on the back button won't give you a dialog asking whether you wish to resubmit the form.
Your users will have a URL directly to a search results page for a particular query that they can share.
Unfortunately CodeIgniter, by default, nukes the query string when processing a request. You can enable the query string in CodeIgniter by following this answer.