I'm trying to use the header() function to create a redirect. I would like to display an error message. Currently I'm sending the message as a parameter through the URL, however this makes it look quite ugly.
Is there a way to pass this value as a post variable instead?
Any advice appreciated.
Thanks.
Dan, You could start and store a session in PHP then save the message as a session variable. This saves you from having to transfer the message in an HTTP request.
Manipulating Sessions
//Start the session
session_start();
//Dump your POST variables
$_SESSION['POST'] = $_POST;
//Redirect the user to the next page
header("Location: bar.php");
Now, within bar.php you can access those POST variables by re-initiating the session.
//Start the session
session_start();
//Access your POST variables
$temp = $_SESSION['POST'];
//Unset the useless session variable
unset($_SESSION['POST']);
To read more about sessions, check out: http://php.net/manual/en/function.session-start.php
The header function is used to send HTTP response headers back to the user so actually you cannot use it to create request headers :(
One possibility is to use the CURL but I don't think it is worth of what you are doing.
Provided that you have local access to the page displaying the error, instead of redirecting you could include it in the page which caused the error and then programmatically display the error message.
if(something_went_wrong()) {
require_once('errors.php');
display_error('something really went wrong.');
}
The errors.php file would then contain a definition for display_error($message), which displays the formatted message.
When passing variables between modules I have found it easier to construct an array from the variables, convert the array to json and store it in a db table with two columns, a varchar key and a text data. The json would go in data and the key could be anything you want. Then in the target module you just read that back, convert the json back to an array and voila, you have your variables. No $_POST, no $_SESSION, no fuss, no muss, quick and easy. Of course that assumes you have access to a database, although you could use a file on the server. $_POST is useless since it needs a and $_SESSION can be cranky and can lead to unexpected results. Otherwise you'd almost have to use ajax.
Related
I am working on a system where I retrieve user preferences and insert them into cookies with JSON because I have a Javascript file that needs to use the value in the cookie too.
Now, when i use JSON.Stringify() with javascript i get the data just as i expect it.
However, when i go to check the cookie after it has run the PHP script i get this:
Here is my code from the php file:
public function onSecurityInteractiveLogin(InteractiveLoginEvent $event){
if($this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')){
$selectedCategories = $event->getAuthenticationToken()->getUser()->getProfile()->getCategories();
setcookie("userInterests",json_encode(get_object_vars($selectedCategories)),(time()+3*60*60*24*30));
}
}
any help would be greatly appreciated!
In my case I had multiple problems: firstly I tried to enter an object(that I thought was an array) into the cookie. This had the weird cookie as a result, because the PHP cookie only held the start string for the urlencode.
Secondly, I didn't know that cookies automatically get urlencoded in PHP so that threw me of.
If I just use urldecode now, at the point where I am returning the data from the cookie. It should just pass the javascript cookie without editing it and my php cookie will be useable.
Currently I put a constant on my webpage using PHP which I then send, with Ajax, to my POST function. However, this leaves it susceptible to hacking (the user could change the variable with Firebug), so is there a way to store the variable in the PHP of the page and then access it later on, in the POST method (or is the GET variable of the page still available in the POST function, since that's where I get the variable from)?
I think what you have wanted is to store the post value to use it later.
Here you would need to use $_SESSION
You can do it like
session_start();
// Save variables into session
$_SESSION['thevalue'] = $_POST['value'];
If you wish to store between successive calls from the same user use the follwing:
<?php
session_start();
$_SESSION["your variable/constant"] = yourvaule;
Now use the variable as needed, accessing it as $_SESSION["your variable/constant"]
Hope it helps, and it's what you're asking.
I'm trying to carry a file that is uploaded through to a second script. I'm using an HTML form for the file upload and php to save the file. The PHP variable is:
$_FILES["Picture"]["name"]
I know when you create a POST html form and hit submit, then the following page has access to: $_FILES["Picture"]["name"].
But now I want to redirect using header to another page and have access to $_FILES["Picture"]["name"].
Is there a way to do that.?
Store $_FILES array in $_SESSION like $_SESSION['file'] = $_FILE["Picture"]["name"] and access session $_SESSION on another page/script
Try saving the data you want into the session, then it's accessible in subsequent calls. $_SESSION is what's known as a superglobal. You can also use $_COOKIE to save it to the user's cookies instead of the server session.
Something like this:
$_SESSION['picture'] = $_FILES['Picture'];
Then to print it later all you have to do is the following, like any other array:
echo $_SESSION['picture']['name'];
use cURL to request the second page with the exact same headers from the first request
Would this be the correct way to loop through the $POST data sent by an API and have a equivalent $SESSION name/value pair be created from it?
foreach($_POST as $key=>$value)
{ $_SESSION['$key']=$value; }
UPDATE: First, thanks for the solid responses - I think I need to explain the problem I'm trying to overcome and why this functionality is being considered. The $_POST response is coming from a payment processor gateway - the problem is that since the payment form/processing is not on our domain the results of the payment (approved/declined etc. etc.) is being RELAYED to our server via $POST - When our PHP code tries to process the response data it looks for various PHP structures (Like php include 'file.php') under there domain instead of ours and errors out - I need to move the $POST data into a session and then move the person back to our domain so that the file/directory/resource tree is correct. Does this make sense what im encountering?
Don't use single quotes:
foreach ($_POST as $key => $value) {
$_SESSION[$key] = $value;
}
I'd encourage you to read about Strings in PHP.
Note: This is potentially unsafe for several reasons - mostly injection by key collision. Consider if I posted the logged in user id.
This could be mitigated through encapsulation:
$_SESSION['posted_data'] = $_POST;
Don't you rather want to keep them separated?
$_SESSION['response'] = $_POST;
If you really want to do it as you state, you could use something like
$_SESSION=array_merge($_SESSION,$_POST);
which would work but be a "bad thing" - plenty of scope to overwrite items already in the $_SESSION variable:
index.php:
<form action="2.php" method="post">
<input type="text" name="hidden" value="hidden">
<button type="submit">Click</button>
</form>
2.php:
<?php
session_start();
session_unset();
$_SESSION['hidden']="existing";
$_SESSION=array_merge($_SESSION,$_POST);
echo '<pre>'.print_r($_SESSION,true).'</pre>';
Better would be to use
$_SESSION['POST']=$_POST;
Obviously, perform any data checks you need to before doing this though
Ignoring the security issues this could cause depending on how you use it, what you could do is use:
$_SESSION = array_merge($_POST, $_SESSION);
This will only bring in POST vars which have a key not already found in $_SESSION. Switch them around if you want the POST vars to take precedence of course.
Just a quick note on security, if like a lot of people you use the session to store user id, what would happen if i sent a POST request to your script with userid=1?
All im saying is, be careful what you are doing with this. You'd be better off if possible doing as suggested and using a unique key in $_SESSION for post vars such as $_SESSION['post_vars'] = $_POST (or maybe ['form_data'] if you're using it to persist form data, which is usually why people do this).
You could also use the array union operator:
$_SESSION = $_POST + $_SESSION;
This takes the values of $_POST and adds those values of $_SESSION whose keys are not already present in $_POST.
Since the POST is made by a payment gateway, the session will be associated with it (and most likely be lost at first request, since it can be assumed that it won't ever bother reading the session cookie).
Your client won't ever see this data in their session.
If you want to have this data available, you need to persist it somehow, if the payment gateway gives you exploitable client information. Possible solution are a database, key/value store...
Alternatively, it is common that the payment gateway will allow you to specify a link to redirect the client's browser to after the purchase. Getting the parameters from the POST, you could append them to the redirect URL to pass them back to your website as GET parameters.
I'm writing a php code processing a lot of data, sometimes interactively. In my starting php page i call the function session_start() before sending any other data to the browser. Then, i put some data into the $_SESSION[] array, like this:
$_SESSION['something'] = $variable;
After, there is a form, what is sent via GET and XMLHttpRequest.
getrequest.open("GET", "data_processing.php?var="+onevalue+"&another_var="+twovalue, true)
getrequest.send(null)
Another php script recieves the user data from this GET, and there i'd like to use the data stored in $_SESSION as well. But $_SESSION seems to be empty. I've never used sessions, what is the correct way to make available variables to consequent php scripts?
Are you sure you called session_start first?
See: http://php.net/manual/en/function.session-start.php
I finally found the solution: another script still used the session, so i had to insert session_write_close(); then it works fine. Thank you for all the answers!