Finding Ajax Post URL Without Access to Source - php

How can I find the POST URL for a form that's being posted using ajax (action handlers are in PHP, but I doubt that matters too much in this case)?
Problem is I need to find out using an alternate method as I don't have access to the source.

If you can run the page, you could check with Live HTTP Headers or Fiddler to see where the POST is going...

What do you mean you don't have access to the source? If the JavaScript Ajax call is executed, then you probably do have access to the code. It's probably just a bit tricky to find.
Use Firebug to understand which request is happening.

Related

Using Delphi and HTTP POST to do web actions

I have a web application which I wrote in PHP. Each of my forms does an HTTP POST to a PHP file which processes the data and returns a result.
Now I want to use RAD Studio's Delphi XE4 to create an application which can be used on phones to perform basic functions on the site.
For example...
I have a function in my PHP file called F.
F does some calculations with parameters passed using the $_REQUEST[''] directive.
So my question is: is there a way that I can use Delphi to post to my website and return the result.
I've searched for similar requests but no-one seems to have done this before.
I would even use a JavaScript file if someone can tell me how I can incorporate it?
I know jQuery has a $.ajax method, is there maybe a way to implement that?
I can assure you that you're not the first person to do an HTTP request via Delphi :)
You state that you're fetching the request data via $_REQUEST, so you'll get both POST and GET data, so perhaps these links might be of interest:
What's the simplest way to call Http GET url using Delphi?
What’s the simplest way to call Http POST url using Delphi?

$.Post contains no response

I have a .php file from another server which processes data. This data is tabulated. So whenever I call this page using $.post with the right parameters, its response is nothing. I checked my code and maybe the header is the one responsible for it. What I want actually is to return my tabulated data so that I can populate it to another page. My header is like this, header("Content-type: application/json");. What am I missing?
$.post('http://333.333.33.33/reporting/table.php?loc_id='+locid+'&loc_type='+loctype+'',{loc_id:locid, loc_type: loctype},function(data){
$('table#default_table').hide();
$('div#generated_table').html(data);
});
That is how I call my $.post.
You my friend have become yet another victim of the Same Origin Policy - luckily, this can be "worked around" by using a method called JSONP. This does, however, require a GET rather than a POST request. I myself had to use this, and I had no idea about how it worked, so I asked a question and got a wonderful answer!
You need to communicate between 2 different domains right?
You need to use JSONP here instead of JSON.
Check Detail

Protecting php page from being opened in browser only

I am working on a live weather data page. Our weather module outputs the data in CSV and stores it on my webserver. I then use a PHP script to translate the CSV into an array and then I encode it in JSON and output it so that my jQuery Ajax script can call it every so often to get the latest data and update the page. This is working great so far.
My question is, how can I prevent the URL used to retrieve the JSON (the URL of the aforementioned PHP script) from being opened and viewed in a browser? I tried adjusting the permissions, but with no success.
Thanks in advance to any who are willing to help.
There's no real way of doing that, since the Ajax call also comes from the browser. There's no real difference between a proper browser call and an Ajax call. A GET call is a GET call.
EDIT
As per @Adeneo's suggestion, implementing a pseudo-security, through some kind of key, would be a good way of making it harder for people to view the page, even though there's no way of literally blocking the call.
Also, adding a header to your Ajax call and verifying the presence of that header in your backend script makes it a bit harder to spoof.
Another idea would be that, if that service would be called only once per page view, you could set up a key in your JavaScript, provided by your server, to append to your Ajax call. When the server gets called, the key provided becomes invalid after use, preventing someone from calling the service with the same key twice.
There is no way of (reliably) identifying a browser as anything that is not some form of "Authentication-Token" can be faked. The server relies on the client to be honest.
You can detect if a request is an Ajax request, though. Here is a link to one way of doing it:
http://davidwalsh.name/detect-ajax
This is how he does it:
/* AJAX check */
if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
/* special ajax here */
die($content);
}
You will want to reverse the statements in the if since it die()s when the request IS ajax.
There are other ways of detecting ajax, none of which are 100% secure, including you setting a GET variable that helps you identify an ajax call (but that get variable can also be sent via the browser via the address line so well... you get the picture)
Short answer: you cannot.
Long answer: you could implement a simple Browser Sniffing. Or search for far more advanced methods.
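// get_browser() needs the browscap directive configured in php.ini.
$browser = get_browser(null, true);
// The array key must be quoted; a bare word is an undefined constant in PHP 8.
if ($browser['parent'] == "whatever-identifies-clients-that-have-access") {
    // Code to output JSON here.
}
else {
    header('HTTP/1.1 403 Forbidden');
}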
But note that this is not security. At the very most, it throws up a barrier; but preventing is impossible.
Edit: This assumes the client is not a browser; I wrongly assumed a (mobile) client of some sort was accessing the JSON. When it is a browser, you cannot deny access. At all. AJAX comes from that browser too.
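
The single-use key idea from the answers above, combined with the X-Requested-With check, as an added example that is not part of the original thread. The function names, the X-Ajax-Key header and the array standing in for $_SESSION are assumptions made for illustration.

```php
<?php
// Added example: single-use key for a JSON endpoint (names are hypothetical).
// $store stands in for $_SESSION so the script also runs from the CLI.

/** Called while rendering the page: mint a key and remember it server-side. */
function issue_key(array &$store, int $ttl = 300): string
{
    $key = bin2hex(random_bytes(32));           // 256 bits, unguessable
    $store['ajax_keys'][$key] = time() + $ttl;  // expiry timestamp
    return $key;                                // embed this in the page's JavaScript
}

/** Called by the endpoint: true only for an unexpired key not used before. */
function redeem_key(array &$store, string $presented): bool
{
    foreach ($store['ajax_keys'] ?? [] as $key => $expires) {
        if (hash_equals((string) $key, $presented)) {
            unset($store['ajax_keys'][$key]);   // invalidate on first use
            return $expires >= time();
        }
    }
    return false;
}

/** Endpoint logic: returns [HTTP status, body]. $headers mimics $_SERVER. */
function handle_request(array &$store, array $headers, string $json): array
{
    $xhr = strtolower($headers['HTTP_X_REQUESTED_WITH'] ?? '') === 'xmlhttprequest';
    $key = $headers['HTTP_X_AJAX_KEY'] ?? '';   // hypothetical custom header
    if (!$xhr || !is_string($key) || !redeem_key($store, $key)) {
        return [403, ''];
    }
    return [200, $json];
}

// Constructed demo: one page view, then three requests against the endpoint.
$session = [];
$key  = issue_key($session);
$req  = ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest', 'HTTP_X_AJAX_KEY' => $key];
$body = json_encode(['temp_c' => 21.4]);        // constructed sample data

var_dump(handle_request($session, $req, $body)[0]);                        // first use of the key
var_dump(handle_request($session, $req, $body)[0]);                        // replay of the same key
var_dump(handle_request($session, ['HTTP_X_AJAX_KEY' => $key], $body)[0]); // no Ajax header
```

A page that polls repeatedly would need the endpoint to hand back a fresh key with each response. A script that loads the page first can still read the key, which is why the answers describe this as a barrier and not as access control.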

How to submit data without GET and POST Method.?

By using the POST method, I can't see what values are passed in the URL. Is there a way other than GET to achieve this? I heard there is a way by using coding in scripts. Does anybody have an idea on this? Thanks in advance.
by using post method, i can't see what are the values passed in url
Yes, you can. No values are passed in the URL and you can see all zero of them! ;)
More seriously, you can see what data is passed in the body by using the network tab of your browser's debug tools or by using a proxy server such as Charles Proxy.
You shouldn't consider changing the HTTP method for data inspection. It just means that you either end up using an inappropriate method in production, or that you risk things breaking when you change back to the correct method.
One way: you can try to use JavaScript (jQuery, etc.) to catch all values from your control box in the form, then render them as the URL link on the view.

PHP and AJAX Web Content

I am thinking of developing a website in PHP and I was thinking of using AJAX in order to send data to, and retrieve data from a server asynchronously (in the background) without interfering with the display and behavior of the existing page.
So my question: would it be better to use AJAX to GET or POST to php pages or any other options are possible?
There are not that many options when it comes to submitting data: either you use AJAX or use the normal HTTP message like GET or POST. If you would like to determine which is better, I would say: it depends.
Ajax seems to me like a great way of making a part of your site more dynamic, but I don't think it's always practical to use in all your site. Ajax is generally used when you need to show some context change on one page, like posting a comment, faving a question, or things like that. Another great thing about it is not binding the user to a form (you can save info with a link, like when you vote on a question here).
Using GET or POST is useful to let the user know he's moving along a process, or when things that happen after or before are different, or context changes a lot when submitting.
Rule of thumb (regardless of AJAX).
If you're going to send large amounts of data, or sensitive data... POST.
Otherwise, GET works just as fine.
I recommend using jQuery.
With jQuery's $.ajax, you can use multiple options depending on what you need.
So you can work with POST, GET, receive data like text, json...
Here you can get more info:
http://api.jquery.com/jQuery.ajax/
I always use $_POST. I wish I could give a reason why I think it's better, but I can't. I guess it's because I've always preferred sending data via POST rather than GET so the user doesn't see it, and it just carried over to my ajax.
I would use $_POST just for the fact that it can store more data.
