There are many similar questions on the same. I have tried to look far and even tried using the comments and suggestions provided for the similar questions but I am stuck. I can't achieve what I want to.
Both domains are owned by me (Abc.com and xyz.com) and I have full right/access on them
User Enters Name, College, Amount in a form on Abc.com
I need to post the result to xyz.Com/abc.php
Notify user " Being redirected to xyz.com for further process"
Redirect the user to xyz.Com/abc.php
On xyz.Com/abc.php, User is showed the posted values (received values from Abc.com)
These are the things I tried and came to know:
I know curl is for posting only, it can't redirect
Header() redirects but post?? I think No.
Using session variables work on same domain not on domain to domain
What should be the process to achieve this. There ought to be some way to achieve this.
Try something like this on abc.com:
<script type="text/javascript">
function redirectWarn() {
alert("Now redirecting you to xyz.com for final processing!");}
</script>
<form method="POST" action="xyz.com/abc.php">
<input type="text" id="name" name="name">
<input type="text" id="college" name="college">
<input type="text" id="amount" name="amount">
<input type="submit" id="submit" name="submit" onclick="redirectWarn();">
</form>
Then when the user clicks submit, the alert tells them they are being redirected to xyz.com/abc.php. In that file on that server (xyz.com/abc.php) you need to get the user data by inserting this PHP at the top of the file abc.php:
<?php
$name = $_POST['name'];
$college = $_POST['college'];
$amount = $_POST['amount'];
?>
Please make sure that you use some kind of javascript on abc.com or PHP on xyz.com to make sure that the user has entered data into your form fields before they get redirected. Also, if you are going to put these values into a database query or otherwise use them elsewhere, promise the internet that you will sanitize these values so your site won't get hacked and turned into a malware distribution center. :)
Related
I'm trying to create a cookie for a web page. The cookie value will vary based on the users name. Does PHP have an input type function? I just want to add an input field to the page an then the PHP will use that to define the users name for the page. I have the create cookie code, just can't figure out how to get the name from the screen and insert it to the cookie code. Appreciate any suggestions. This is on a WP website.
Not natively because php does not execute in browser, it executes on your server, but it can be used to write an HTML input.
The syntax would look something like this:
echo '<input type="text" name="myinput">';
or
?>
<input type="text" name="myinput">
<?php
You would then use a form post, CURL, or AJAX function to send the data back to the server where a second PHP script would process the input.
That said, it would help to post your create cookie code, since you may not even need to send it back to the server, but just handle it all in the browser using Javascript in which case your submit button only needs to pass the input to a Javascript function instead of posting it.
Is this something you are looking for?
Here it just takes the value user input from the browser and set it as a cookie
<?php
if(isset($_POST['name']) && !empty($_POST['name'])){
setcookie('setcookie_name',$_POST['name']); // setting cookie
}
?>
<form action="" method="post">
<input name="name" value="" placeholder="Enter your name" />
<input name="submit" type="submit" value="Submit"/>
</form>
Hello I have a web page where users can view and edit their application information. I have an Edit button. When a user clicks on this button it takes him to an edit page. Here is my code:
<form name="form3" method="post" action="pages/application_edit.php?id=<?php echo "$id[0]";?>&pwd=<?php echo "$pwd";?>">
<input type="submit" name="Submit" value="Edit Application" class="button">
</form>`
After a click the user sees this URL:`http://website.com/pages/application_edit.php?id=1&password=Flower1
How can I hide the password from the URL?
Instead of sending the values as $_GET values, send them as $_POST values to that PHP page.
<form method="POST" action="pages/application_edit.php"> // no need for the URL query string
In the PHP file
<?php
$user_id = $_POST['id']; // similar to how you'd use $_GET
....
Although the way you're approaching this is wrong, you shouldn't be passing these values between pages. At the very least your username/id should be stored as a session variable and information should be accessed when required from a database.
Either way, that's how you can send them without having them "visible".
It seems you lack session control routines.
You should manage all private options of your application (the ones you are able to perform only - and just only - when you are logged in) inside a session to avoid exposing user credentials.
You can start learning about it here.
Also, consider encrypting your HTTP requests using SSL certificate.
Sorry I have posted this question and I googled it alot still Im unable to solve this
I have a php page that has a form and when user clicks refresh or F5 it creates duplicate values in the database and also a message is alerted to the user, indicating resubmitting may insert duplicate values in database.My boss dont want that alert box of the browser to user and also insertion of duplicate values into the database
I know its header(). I read lot of header() in php manual and also server_name functions but still I tried in many ways putting in the top but cant solve it. its very important. can anyone please help me with a sample of code explaining the way to do.any help is greatly appreciated.
<form method="post" action"demo.php">
<input name="fname" type="text">
<input type="submit" value="submit">
</form>
demo.php
<?php
$firstname = $_POST['fname'];
?>
Tell me what should i add in the demo.php page to stop it from submitting the form again and again and also if user clicks back button on the browser it should not direct to the previous page , it should still redirect to current page.
So if user clicks refresh or back button it should redirect to current page only and should not insert any duplicate values and also alert box should be disabled.Please explain me what to do here, im in deep help.Thanks
There's lots of things wrong with your code, and lots of ways to mitigate the impact.
First, why are you creating duplicate entries?
In addition to the problem of bad data is also implies that your site is vulnerable to CSRF. Go read up on how to prevent CSRF with single-use tokens.
If you've got performance problems with your site, then users will often click on the submit button multiple times. While addressing the duplicate submission problem on the database, use javascript to disable the submit links on the page and provide visual feedback that the page is doing something.
Redirects are not the way to solve the problem.
My boss dont want that alert box of the browser
Are you talking about the duplicate post alert? While you can get around this using PRG, that creates other problems.
You must post a unique id (session_id) and save it in the database.
When your registration, test if the session_id is already present. If so, send a message to THE USER. "You have already post out this form"
The code:
<?php session_start; ?>
<form method="post" action"demo.php">
<input name="fname" type="text">
<input type="submit" value="submit">
<input type="hidden" name="session_id" value="<?php echo session_id();?>">
</form>
demo.php
<?php
//test session_id in database
$session_id = session_id();
mysql_connect('localhost','xxx','xxx');
mysql_select_db('xxx');
$return = mysql_query("SELECT COUNT(*) AS nb_data FROM TABLENAME WHERE session_id='".session_id()."'");
$data = mysql_fetch_assoc($return);
if ($data['nb_data'] == 0){
echo 'Your message';
}
else{
$firstname = $_POST['fname'];
//.....
header('location:xxx.php')?
}
?>
I would use php header function to replace the current location so if the user clicks refresh, it won't repost the information and a session to store the posted value and check for resubmissions.
demo.php
<?php
session_start();
if($_POST)
{
if(!isset($_SESSION[fname]))
{
//database queries here
}
$_SESSION[fname] = $_POST['fname'];
header('location:demo.php', true); //true replaces the current location
}elseif(!issset($_SESSION[fname])){
header('location:form.php');
}
$firstname = $_SESSION[fname];
?>
form.php
<form method="post" action"demo.php">
<input name="fname" type="text">
<input type="submit" value="submit">
</form>
You need ON DUPLICATE KEY , this will update the record instead of creating a copy of it :
http://dev.mysql.com/doc/refman/5.0/en/insert-on-duplicate.html
so it wouldn't matter if they hit refresh or resubmit, if the record existed already it would just get updated.
The solution will be to redirect the page after database operations like insert, update and delete
pageName: test.php
if(isset($_REQUEST['deleteBtn']))
{
$emp_id=$_REQUEST['emp_id'];
$count=mysql_query("delete from employees where emp_id=$emp_id");
header("location:test.php");
}
This way if you click F5 or back button the form data will not get posted again.
What you want is to embed a session id in your form when you create it, and to track that session id on the server. Then, when the form is submitted and you are processing the form on the server, if the form was submitted more than once, you can overwrite the first submission in your database, or respond with an error message, or whatever. (Show the popup only on the first submission, whatever.)
An easy way to do this is to generate a session id, send it as a hidden field in the form, and when the form is submitted store the session id in your database with the constraint that the session id be unique.
I'm trying to get a POST response from a url and I can not get the response to print to my html page instead it just redirects me to the url in the action with the response.
Is there a way to grab the response with html? php?
Code of html page i'm using
<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<form
method="post"
action="http://poster.decaptcher.com/"
enctype="multipart/form-data">
<input type="hidden" name="function" value="login">
<input type="text" name="username" value="client">
<input type="text" name="password" value="qwerty">
<input type="file" name="upload">
<input type="text" name="upload_to" value="0">
<input type="text" name="upload_type" value="0">
<input type="submit" value="Send">
</form>
</head><body></body></html>
Note: The url in the action will only show the response and nothing else is shown on the page.
Let's see if I can give this a try, because you seem to be a bit confused about how an HTML form works.
First and foremost, your website looks like so, correct?
<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<form
method="post"
action="http://poster.decaptcher.com/"
enctype="multipart/form-data">
<input type="hidden" name="function" value="login">
<input type="text" name="username" value="client">
<input type="text" name="password" value="qwerty">
<input type="file" name="upload">
<input type="text" name="upload_to" value="0">
<input type="text" name="upload_type" value="0">
<input type="submit" value="Send">
</form>
</head><body></body></html>
One thing to point out before we explain an HTML form, is that you have your form in the <head> of the webpage. Any element which is supposed to be seen by the user (or anything that you want to appear within the browser's main viewing area) should be in the <body>. Failure to do this puts the browser into a "quirks mode", where it actually doesn't know what you're talking about and it makes its best guess to try and build the website that it thinks you wanted. Mind you that modern browsers are very good guessers, but you should still re-write it as:
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<form
method="post"
action="http://poster.decaptcher.com/"
enctype="multipart/form-data">
<input type="hidden" name="function" value="login">
<input type="text" name="username" value="client">
<input type="text" name="password" value="qwerty">
<input type="file" name="upload">
<input type="text" name="upload_to" value="0">
<input type="text" name="upload_type" value="0">
<input type="submit" value="Send">
</form>
</body>
</html>
As far as explaining the <form> tag... When you submit a form in HTML, it actually loads the other website. It doesn't secretly send data in the background, it will take you away from the page you're viewing and take you to the page that you are sending the data to. At first this may sound silly. Why should it take you away from the page you're viewing just to send the data to another website? If you wanted to be redirected after sending the data, you'd redirect them there after sending the data.
The reason it's done this way is to greatly simplify the HTTP protocol. Whenever you load any website, you send and HTTP request. This request contains butt-loads of information. Among this information is:
Your IP address
What browser you're using
The page you were last visiting
How you accessed this page (clicked a link or typed the URL into the address bar)
The page you want to view (is it index.html or mysite.html?)
Any cookies related to that server
Any POST information (extra information which the server may or may not have asked for)
Every time the server receives one of these requests, it looks at all of the information and decides what to do. Usually a server will just look at the page you want to view and send it to you. Sometimes the page you want to view will need some extra work before it's ready to show, though. For instance, if a page ends in .php then it will search through the page for <?php, and everything after that point will be executed as a script. Only the output of the script is sent to the person who requested the page, not the script itself.
If you were to send your POST information to a website, wait 10 minutes, THEN go to the website, it would have no way of remembering that it was you who sent the post information before or what information you sent. Web servers have a very short attention span. For that reason if you sent a form to log into a website, then waited 10 minutes, then tried to view a member's only page- it would forget that you were logged in. For this reason it sends you the page as you're submitting the form. It does it while it still remembers that you're logged in, before it has a chance to forget. There's a good chance that the page it sends you will include a cookie which you can use to remind the server you were logged in next time you request a page.
If this made sense, then you should understand what happens when you submit a form. It doesn't just take your information and give it to the server. It sends that information to the server as part of an entire request, then the server sends you back a webpage and your browser displays that webpage. There is really only one way to send data to a server without redirecting you to that server afterwards. There are multiple ways to do this trick, however. You have to send a "dummy request", requesting a webpage with certain POST data, but ignoring the webpage that's returned.
In your example, you wanted to send data to http://poster.decaptcher.com. To do this without redirecting the user to http://poster.decaptcher.com, your easiest solution would be to use javascript and AJAX. Javascript has certain functions that allow you to send an HTTP request without reloading the page, then you let the javascript determine what to do with the page that's returned.
This is generally used when you want to reload a part of a webpage without reloading the whole thing. For instance, if you have a chat program and you want to update the chat window without refreshing the entire page. The javascript would request a webpage which contains ONLY the new lines of chat, minus any <html>, <head>, or <body> tags. It then takes those lines and displays them in the chat window.
You can, however, use AJAX to request a page and then ignore what's returned instead of display it on the page. By doing this you will have sent the POST data but not redirect the user.
Another option is to send the request to a third website, which can then send its own dummy request. For instance, submit the form to a PHP page that you own. The PHP script can then tell your server to send a dummy request to http://poster.decaptcher.com and ignore the response, then you can send them a webpage containing whatever you want.
Now that I've described both of these processes in adequate detail, I'll leave it as an exercise to the reader to figure out exactly how to do these. =)
The page refresh on submitted form is the default behavior of HTML.
For people who need to display the response into the same page without refresh, they will want to use Ajax. Here is how it could be done with jQuery:
$('#the_form').submit(function (e) {
e.preventDefault();
the_form = $(this);
$('#response_container').load(
the_form.attr('action')
, the_form.serialize()
);
})
the action defines the redirect to that page. If you want to catch the response, make your own script and place it in between the two. This is a bad way of doing it though. We developers call it hack coding. lol.
Not quite sure what you want to do. If you want to show the POST content on the page, just do this:
print_r($_POST);
If you want to see what is getting POSTed to the action URL, and you don't have access to that URL, just use the HTTP Headers plugin for Firefox.
action should go to a PHP file belonging to you! ie - action="/ProcessMyForm.php"
On that file, simply use $_POST and those form elements are in there, indexed by name, in an associative array.
Also - it may have been accidental, but post parameters dont go up in the URL like get, they are "behind the scenes" (invisible to the user) and also capable of being far larger.
PS - if you want to go to that other site afterwards, use header("Redirect: other-website-here.com")
First of all, mention your question specifically. If you want to fetch data from a URL than you can't use the form method="post". If you want to fetch data from URL, you have to use method "get". Calling print_r($_GET) can be used to retrieve data from HTML page to controller page.
I am using php, js, flash and mysql on 1 website.
I want to do a URL masking using frameset(or maybe iframe). Scenario:
An user click on a link, which direct him/her to my page with this url:
www.domain.com/index.php?var1=string1&var2=string2
How to mask the url so that visitor can only see www.domain.com/index.php, but actually there are some variables over there. I need the variables, but i dont want the visitors to see. How to do URL masking on this? (I dont expect to get any code, I just want to know the logic of the url masking method)
PS. I probably would not use mod_rewrite, because I dont know how to use/write the code. So please, answer with iframe/frameset methods :)
EDIT: I think I misunderstood your question, so here is another attempt:
In www.yourdomain.com/index.php:
<?php
session_start();
if (isset($_REQUEST['flashvar']) && ! isset($_SESSION['flashvar'])) {
// Store any parameters received
$_SESSION['flashvar'] = $_REQUEST['flashvar'];
// Redirecting without query parameters
header('Location: /index.php');
exit;
}
?>
<HTML>
<HEAD></HEAD>
<BODY>
<?php
echo '<embed src="player.swf?flashvar=',
urlencode($_SESSION['flashvar']), '"/>';
?>
</BODY>
</HTML>
This example will start a session and redirect the user to itself without needing to store any parameters in the query string. Naturally, it will only work if the user has cookies enabled.
Can you submit that parameters as POST data?
For example:
<form name="form1" action="index.php" method="POST">
<input type="hidden" name="var1" value="value1" />
<input type="hidden" name="var2" value="value2" />
</form>
Click me
When user clicks on the link, the form will be submitted to index.php with POST parameters var1 and var2. User will never see this parameters in their URL (still possible to see with various tools though).