I understand that I am able to use the POST method for URL parameters to display data according to a specific variable, I know how to make use of the GET method - but I am told that the POST method can be used to hide the part of the URL that is like this.
/data.php?parameter=1234
What is the actual difference of the two methods in terms of URL parameters?
Below is some code that fetches data from a database according to the id of a specific link
<?php
//This includes the variables, adjusted within the 'config.php file' and the functions from the 'functions.php' - the config variables are adjusted prior to anything else.
require('configs/config.php');
require('configs/functions.php');
//This is the actual interaction with the database, according to the id.
$query = mysql_query("SELECT * FROM table WHERE id=" .$_GET['id'] . ";") or die("An error has occurred");
//This re-directs to an error page the user preventing them from viewing the page if there are no rows with data equal to the query.
if( mysql_num_rows($query) < 1 )
{
header('Location: 404.php');
exit;
}
//Here each cell in the database is fetched and assigned a variable.
while($row = mysql_fetch_array($query))
{
$id = $row['id'];
$title = $row['title'];
$month = $row['month'];
$day = $row['day'];
$photo = $row['photo'];
$text = $row['text'];
}
?>
On a separate page I generate links to the data.php file according to the ID like so:
<?php echo $content['title']; ?>
Forgetting that there are potential SQL injections that can occur through the above code, how would I go about making use of the POST method in order to hide the URL parameters, or at least not display them like this:
http://example.com/data.php?id=1
In order to use POST, you will need to use a <form> tag, and depending on how you are pulling up these URLs, it could be easier to use javascript to help out. Here's a basic example:
<form method="post" action="data.php">
<input type="hidden" name="parameter" value="1234" />
<input type="submit" value="Go" />
</form>
The Go button would POST the form data, and now in data.php you will be able to retrieve the value from $_POST['parameter']. Note that when using POST, you will probably want to redirect (HTTP 302) back to a page so that when a user hits the back button, the browser doesn't prompt to resubmit the form.
Using javascript, you could set the parameter input to a different value before posting the form.
Use method "POST" for your form. I had the same issue, just adding POST to the form removed the parameters from the URL
<form id="abc" name="abc" action="someaction.php" method="post">
<input type="text" id="username" name="username"/>
<input type="password" id="password" name="password"/>
<input type="submit" id="submit" name="submit" value="submit"/>
</form>
To POST values, a browser would have to use a form with method="post", or javascript simulating a form. Various developer tools (fireug, etc) can convert GET forms to POST forms, but generally, a form is what is required.
In theory GET requests should not have any side effects, and "should" be consistent from request to request. That is, the server should return the same content. In todays world of just about everything being dynamic, this might be of little practical design significance.
Whether you use GET or POST, the parameters will appear in $_REQUEST. The critical difference is that using POST allows the variables NOT to appear in URL history. This decreases the visibility of data such as passwords which you do not want to show up in URL history. To use POST instead of GET, simply produce <form method="POST" ...> in the document.
Even better is to store sensitive values (like user ids) in cookies, so that they don't appear in $_REQUEST at all. Since the contents of cookies are provided in extra HTTP request headers, not in the content, they are generally not stored as part of the history.
In order to use POST instead of GET, you would need to use an HTML form tag in your html, like so:
<form method="POST" action="/data.php">
<input type="hidden" name="parameter" value="1234" />
<button type="submit">Submit</button>
</form>
When submitted, your URL will just be /data.php and parameter=1234 will be in your (hidden) post buffer.
Make sense?
To do a POST, you have to use a form, or some javascript/ajax trickery. An <a> will only ever cause a GET request.
Note that POST requests can still have query parameters in the URL. It's not "normal" to have them, but they are allowed. The main difference being that with a GET request (ignoring cookies), the URL is the ONLY way to send parameters/data to the server. With POST, you can use both the URL, and the body of the POST request, which is where POSTed form data is normally placed.
Related
loaded page from javascript. tested for GET & POST. Only GET set as expected;
window.location.href = "medications_edit_revised.html?recordId="+id ;
Retrieved and used the data from the GET[]
Reloaded page from SUBMIT as shown below.
<form method="post" action="">
<table id="detailsDivTable">
<?php
$editClass->selectTheRecord();
?>
</table>
<fieldset name="Group1">
<legend>Group box</legend>
<input name="saveButton" type="submit" value="Save" />
<input name="deleteButton" type="submit" value="Delete" />
<input name="cancelButton" type="submit" value="Cancel" />
</fieldset>
</form>`
Tested GET[] & SET[]
if (isset($_GET['recordId']) ) {
$recordId = $_GET['recordId'];
require_once "medications_edit_revised.class.php";
$editClass = new editRevisedClass($DBH, $recordId);
}
if(isset($_POST['saveButton'])) {
Both tested TRUE. Is this normal behavior. I expected the GET[] would have been cleared when the form was POSTed
If yes is there a way to clear the GET before sending the SUBMIT
Thanks
When you set the URL like this:
window.location.href = "medications_edit_revised.html?recordId="+id ;
You have set URL params. Then when you do this:
Reloaded page from SUBMIT as shown below.
<form method="post" action="">
Because the action is empty it'll retain the URL parameters, because that's what empty and (eg) $_SERVER['PHP_SELF'] do - they send to the current URL, params and all.
You already know the URL so just set it as needed:
action="medications_edit_revised.html"
You seem to be confusing POST/GET requests and the PHP $_POST and $_GET superglobal variables.
PHP will populate $_GET with data in the query string of the URL the request was made to.
PHP will populate $_POST with data in the request body of a POST request if that data is encoded using a supported encoding.
It doesn't matter if the request was caused by JavaScript, a form submission, or something else.
Is this normal behavior.
Yes
If yes is there a way to clear the GET before sending the SUBMIT
Submit the form to a URL which does not have a query string.
The URL the form is submitted to will be specified by the action attribute.
If you don't have an action attribute, it will be submitted to the URL of the current page. If that URL has a query string, then so will be the URL that the form is submitted to (and thus $_GET will be populated).
If you want to avoid that, then specify the action explicitly.
Can you please past some of your code?
If you use GET to revice your variable, it gets it from the URL: example.com?name=jesper&lastname=kaae
The differences is:
GET requests a representation of the specified resource. Note that GET should not be used for operations that cause side-effects, such as using it for taking actions in web applications. One reason for this is that GET may be used arbitrarily by robots or crawlers, which should not need to consider the side effects that a request should cause.
And
POST submits data to be processed (e.g., from an HTML form) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both.
You can read more about them here
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" onsubmit="return checkValid(this)" method="GET">
<input type="text" name="Symbol">
<input type="submit" name="submit" value="Search">
</form>
<?php
if($_SERVER["REQUEST_METHOD"] == "GET"){
echo "test";
$CSymbol = $_GET["Symbol"];}
?>
when the page was first load and did not press submit button, the php was executed and "test" was print on the screen, also with error:
Notice: Undefined index: Symbol in test.php on line 179
but if i change everything to POST, problem solved. Why is that, what's different btn GET and POST?
GET values are sent in the URL, POST in the HTTP Body. So "GETting" values can alsways be done but may be empty. POST has to be manually created. If you want to use GET in this case however. Guard it:
<?php
if($_SERVER["REQUEST_METHOD"] == "GET" && isset($_GET["Symbol"]){
echo "test";
$CSymbol = $_GET["Symbol"];}
?>
Reference Link
GET and POST are two different types of HTTP requests.
According to WikiPedia:
GET requests a representation of the specified resource. Note that GET should
not be used for operations that cause side-effects, such as using it for taking
actions in web applications. One reason for this is that GET may be used
arbitrarily by robots or crawlers, which should not need to consider the side
effects that a request should cause.
and
POST submits data to be processed (e.g., from an HTML form) to the identified
resource. The data is included in the body of the request. This may result in
the creation of a new resource or the updates of existing resources or both.
So essentially GET is used to retrieve remote data, and POST is used to insert/update remote data.
Authors of services which use the HTTP protocol SHOULD NOT use GET based forms
for the submission of sensitive data, because this will cause this data to be
encoded in the Request-URI. Many existing servers, proxies, and user agents will
log the request URI in some place where it might be visible to third parties.
Servers can use POST-based form submission instead
Finally, an important consideration when using GET for AJAX requests is that some browsers - IE in particular - will cache the results of a GET request. So if you, for example, poll using the same GET request you will always get back the same results, even if the data you are querying is being updated server-side. One way to alleviate this problem is to make the URL unique for each request by appending a timestamp.
For your above code..
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" onsubmit="return checkValid(this)" method="GET">
<input type="text" name="Symbol">
<input type="submit" name="submit" value="Search">
</form>
<?php
if($_SERVER["REQUEST_METHOD"] == "GET" && !empty($_GET['Symbol'])){
echo "test";
$CSymbol = $_GET["Symbol"];}
?>
Every http request that is not a POST counts as a GET request, and so every page that loads up has an empty GET request, php will create a super global $_GET array with every non post request.
Hope this helps you understand what is going on.
Near the top of my page, I have this:
<?php $id = $_GET['id']; ?>
Then I have some form check conditionals that read from POST:
if (isset($_POST['completeSubmit'])) {
//code
}
And finally, I have an HTML form which looks like this:
<form action="<?php echo $_SERVER['PHP_SELF']."?id=$id"; ?>" name="complete" method="post">
<input type="submit" id="textButton" name="completeSubmit" value="[mark as complete]">
</form>
The page is initially accessed by using GET with an id variable like this:
http://website.com/page.php?id=1
All subsequent form submissions (which get redirected to the same page) fail. I know you can't send both GET and POST in the same request, but seeing as my form is submitting to $_SERVER['PHP_SELF']."?id=$id" using POST shouldn't it work? This is my first time trying this so it is quite possible I've overlooked something trivial.
You can use get and post at the same time, but you shouldn't. If you want to continue to send the ID this is as simple as:
<form ...
<input type="submit" ...
<input type="hidden" name="id"
value="<?php echo htmlspecialchars($_GET['id'], ENT_QUOTES); ?>" />
</form>
Of course you can not use GET and POST methods simultaneously.
However you can use a query string while sending a form using POST method, which being used to populate $_GET array.
To find a certain error you have to provide more info. At least 2 things:
how does HTML form look
what do yo see in the query string after posting the form.
and errr...
do you use any header redirects in the form processing?
I'm newbie in PHP.I want to know that,I taking data by html form and a .php file.
like:
<form id="form1" name="form1" method="post" action="show.php">
<strong>Please Enter the Unique id</strong><br/><br/>
Unique id:
<!-- name of this text field is "tel" -->
<input name="id" type="text" id="id" />
<p>
<input type="submit" name="Submit" value="Submit" />
</p>
</form>
</html>
Then,I used show.php file to get the 'id'.like:
$id=$_POST['id'];
Is there any way to take input by php code???
Update:
In "C" we take ant input by this way
scanf("%d",a);
is there any way to do so in PHP.I think now all you may be clear what I'm trying to say??
Thanks
Yasir Adnan.
What you are you trying to get is wrong!
HTML:- It is the communicator between the user and the browser. It displays the contents according to the user input or html code.It gets data from user or from html code.
Php :- It is the communicator between server and the browser. It has the capability of collecting from some where else other than the code like mysql data base and then uses html to display the content!
Here you are asking php to do html work which is not correct!!
the html
<input name="sb_id" type="text" id="sb_id" />
php
$id=$_POST['sb_id'];
Well, you do take the input by your php code. Your variable $id took the value of $_POST['id'] which contains the input of the textfield.
After this step you can work with the variable like any other
$id = $_POST["sb_id"]; ?
Remember that $_POST["field_name"] where field_name must be match the name attribute of your <input /> tag.
the id attribute of input tag is not sent to server inside the $_POST array. It`s typically used in client-side.
You can get data in your PHP code through GET and POST parameters. Those parameters are part of the HTTP request.
The GET parameters are in the url :
http://mywebsite.com/id=3&name=test
Then you get them using:
$id = $_GET['id'];
$name = $_GET['name'];
So you can get input data through this way when people visit the URL, call it in AJAX, or call the URL in another application (like a webservice). But no matter how it's called, it's the same for you on the PHP side.
The POST parameters are in the HTTP request, you can't pass them through the URL. You can do that by using an HTML form, or by creating the HTTP request yourself. If you are using Javascript to call your PHP code (and pass data to it), you can use AJAX to do that for example. You, in your PHP code, can get the variables this way:
$id = $_POST['id'];
$name = $_POST['name'];
If you want console-style I/O, you should probably check JavaScript/AJAX. The second one will allow you to write your own wrapper that will help you to process the input by your server "on air".
The problem is, you still need to use $_POST for AJAX. And, which is more important, it's easier (and cheaper for the server) to validate and process input by JS (and to validate and process it further on the server-side after submit).
And if the question is "how can I get the variable from the needed format?", the answer is: try using regexps/parsing the string.
Oh, btw: there IS scanf() in php, and it's called 'sscanf' ('fscanf' for files).
I have a index.html where I would like to submit some coordinates that can be passed upon to separate PHP file; where it could perform a query. I am new to this.
HTML:
Xmax<input type="text" name="Xmax" size="15">
Ymax<input type="text" name="Ymax" size="15">
<input type=SUBMIT name="submit" VALUE="Submit">
PHP query:
$query = "SELECT * FROM state WHERE LONG_HI<$_POST["Ymax"] AND LAT_HI<$_POST["Xmax"];
$result = mysql_query($query);
So is there a way to perform remote action from this HTML file to the specified PHP file?
Well, Forms can do the job. Is'nt it?
Yes
Either make an HTML form to accept the Xmax and Ymax parameters, and set the form action to the PHP file;
Or use AJAX to pass the data in the background and receive a response.
If both of these concepts are foreign to you, and you don't know JavaScript, get comfortable with the first option first.
Would you please describe in detail what you are about to do?
do you have a html form?
What kind of request do you do, clicking a link, sending the form?
The query does not contain any of the variables...
could you please post excerpts of the code? single lines are useless in most cases.
Regards,
Mario
use action attribute in FORM element to specify where the request will be sent to.
<form action="another.php" method="POST">
Xmax<input type="text" name="Xmax" size="15">
Ymax<input type="text" name="Ymax" size="15">
<input type=SUBMIT name="submit" VALUE="Submit">
</form>
You just add few line with your code because to transfer any variable value from one form to another page we have to use 'form' method. So, we have to add form tag with your code. Transferring of data from one page to another page (any type of page like php, jsp, aspx etc) is done by two methods mainly - one of them is Post and another one is Get.
Difference between both the method is quite simple. In Post method, data from one page to another page travels in hidden form whereas Get is basically used to transfer value by displaying it at url. Post method example: user-name and password, and Get Method: any query fired at Search Engine.
<form name="form" action="filename.php" method="POST" >
//Your Code
</form>