I have a webpage with a form on it. The heading of the form is this:
<form name="sw" METHOD ="POST" ACTION="logger1.php">
After some event has happened, a javascript function submits the form like this:
document.forms["sw"].submit();
The php file logs the data from the form in a text file on the server, and then redirects the browser to another page. My issue is that I want to examine one of the values in the form from the previous page on the page that the browser is redirected to. I am completely lost. help!
Have you considered using sessions? The $_SESSION[] array might keep your previously posted variable between pages.
Basically all the form information is being passed to the "logger1.php" file in the POST method.
So you need to see what the code in the "logger1.php" file is and see exactly how the file is redirecting once it's done doing what it does.
Then you can possibly append the variable you want passed on to the redirect method in the GET method.
Lets say the variable you want to pass on is:
$_POST['Some_variable']
and the redirect method is something like:
header('Location: some_file.php');
then you can append it this way:
header('Location: some_file.php?variable_name='.$_POST['Some_variable']);
You can append ?info=hello to the end of the URL it redirects to, then retrieve it in PHP with $_GET['info']
You can't. The information is not passed when the browser is redirected so there is no way to access it.
I think the best way to do this would be to store the value in a database. If you are using ASP.NET the easiest way to do this would be to set up a SQL Server Express database. They are free until you go over 10GB.
Cant you put the variable that you want to look at as a get variable added to the url of the redirected page like so http://yourdomain/thepage.php?var=variable
Related
I Have a form with the following in index.php:
action="calculate.php"
In calculate.php I do some math with data retrieved from index.php.
How can I display the results in some inputs in index.php ?
Ideally, you can use session set the value of the result in calculate.php then redirect to index.php from here, This is where you read the data, you could run some kind of check to see if the result is set in the session and then display it. Don't forget to unset the session result after displaying it.
This would work but It's not the best way to go forward. I would recommend that you do everything in a single file and use a post request to process and display the result, You can also move the calculation logic to functions which can be in a different file and invoke them as needed.
Why not use ajax? Use javascript/jquery to catch the submit event, use ajax to send the data to calculations.php, echo the results back.
I ran a pentest on my app and it should an XSS issue. Essentially, I could do a url like the following and it would give me a popup
https://test.com/index.php?id=12345'><script>alert(1)</script>
So I have implemented something which I hope resolves this issue. At the top of the page I do
$_GET['id'] = urlencode($_GET['id']);
Within the page content, I might then have a link to another page like so
Link
When I now test the page, no pop up is displayed. The pentest is also clear. However, someone else in another location is trying it and they still get the popup. I just wanted to make sure that what I have done is ok?
Additionally, when I view the link in firebug, I see the link with the script part. Should this not be displaying as sanitized within firebug?
Any information appreciated.
Thanks
I think you're looking for htmlentities
I would set it to an intermediate variable, since you're using the $_REQUEST array later instead of $_GET
$id = urlencode(htmlentities($_GET['id']));
and then later
Link
I just setup some pagination for a search, and the search uses POST variables to define what to search for etc. In my URL I can set the pagination offset like this search/OFFSET, and my links in the pagination link there correctly. However, when I click a link all POST variables vanish even if I explicitly set them so I can use them in the next script. I'm using codeigniter and I have GET turned off and really don't want to store these 5-6 values in a session since then it will get all clumsy.
Does clicking a link fully reload the page and delete POST variables?
Thanks
Yes, clicking a link creates a GET request so wouldn't keep any of the POST data. Although it's technically possible to do so with javascript, that's a bad idea.
This is an entirely appropriate use of GET, please read this fuller explanation.
Yes, clicking a link removes all the POST variables.
Do you have access to change your php page that receives the request? You might want to adjust your variables there to accept either GET or POST:
$defaultvalue='';//change this to '' or NULL or whatever you want
$searchQuery = (isset($_POST['s']) ? $_POST['s'] : (isset($_GET['s'])?$_GET['s']: $defaultvalue));
Then your php page will be better equipped to handle either GET or POST
POST data will only be present during the original request (i.e. it does not persist between requests). If you want data to persist, use sessions. However, it is common practice to use GET for search queries and pages.
You could use an incredibly ugly workaround and set a form full of hidden fields to submit when you click a link. I really wouldn't recommended it though.
You should be able to create a form that submits some set of post variables to the action parameter with the get variables. So the form should submit a post request to http://www.somedomain.com/FormSubmit.php?pag=1&sort=asc This would submit the post values of that form along with the get values of the string. If you can change your link to a form button, you should be good to go.
I have a page. The user submits the page and sends it to a PHP results page. It works fine. Now, I want the results page to link to another page, and for the elements on that page to depend on what was on the results page. I know how to pass form variables to another page, but I don't know anything about passing non-form variables.
From my searching on the web, my best guess is that I should be passing by URL. Is this correct? If so, a possible problem: the page I want the results page to pass to will have a form, and the user will go to yet another results page by clicking submit (the form data will be sent by POST). Can I send the non-form data (the old results page variable) along with the form data, if the user is going to the other page using POST?
I strongly suggest using sessions. It's not that hard to learn, php makes it VERY easy using http://php.net/session_start and the $_SESSION variable.
Advantage is that you will not have to submit a form on every click, and no information will be displayed in plain text in the URL.
There are several options. However, the easiest may be to simply pass the data on using hidden input fields.
Other options would be using the session, storing to a database between forms, or some combination therein.
If you are going to use POST to go to the next page the most simple option is to include the data you want to send along using an input type="hidden" element in your form.
You might consider using a session to pass the data along.
You can embed the non-form data into the second form as hidden fields. To make sure that it is also passed in the link, you can just add it to the URL as a query string, like:
http://..../blah.php?var1=val1&var2=val2
as long as the data you're passing can fit into a URL. Be sure to urlencode() anything you're appending to the URL.
<?php
start_session();
$_SESSION['Foo'] = 'Bar' // Add stuff here.
?>
My problem is that the back button causes the browser to say something like "Page expired" when the previous page was created by a form.
Example:
page1: form submitted with search
criterias ($_POST request, form
points to page2)
page2: Receives $_POST request and
show result (list of user with links,
points to page3)
page3: Show user profile
Now when the visitor clicks the back button in the browser it will show something like "Page expired".
Instead the previous page should be shown with no warnings (page2, with the userlist)
How are your strategies to get around this behavior?
If you are submitting a form with search parameters, you are trying to get some data, not modify some.
So, you should use the HTTP GET method, and not POST : POST should be used when you intend to create/modify data, and GET should be used when you intend to fetch some data.
Or, if you have some create/modify operation that has to be done :
The form first POSTs to a first page
That page does some operations (like writing something to a database)
And then redirects to another page, using a Location HTTP header.
It's that last page, that's queries by the browser using a GET requests, that displays the data fetched from the parameters received in the URL.
See the Post/Redirect/Get page on wikipedia, about this.
Use the Post/Redirect/Get (PRG) Pattern.
This applies to PHP and IE8.
Not only must you set cacheing to private, but you must remove the 4 cacheing headers and this can only be done with PHP 5.3. In PHP 5.2 you can only set the 4 headers to blank values if using the Zend Framework's setHeader() method. For some reason is not sufficient on IE8 to set the 4 header values to empty values. Here's the code for PHP 5.3:
header_remove("Expires");
header_remove("Cache-Control");
header_remove("Pragma");
header_remove("Last-Modified");
Send a Location header in the script you POSTed to, pointing to the page that comes after.
Don't use POST for search. Search can safely be done with GET since it won't alter anything.
You can use session to do this.
eg.
$_SESSION['name'] = $_POST['name'];
Remember to unset your variables after the process is complete to optimize memory usage.