I'm tying to send POST data from one site to another (both sites have been developed by us).
The problem is that the POST variables are not available if the page is requested from another domain.
Even if I test it locally, but specify the complete url, the POST data is gone.
So, this will work:
<form method="POST" action="test.php">
But this will not:
<form method="POST" action="http://example.com/test.php">
Here is the HTML for the page:
<html>
<head>
<title></title>
</head>
<body>
<form method="post" action="http://example.com/test.php">
<input type="text" name="request" value="" id="" />
<input type="submit" value="" id="" />
</form>
</body>
</html>
After the comments I got that this should work, I tested it on another server and there everything worked fine indeed. This might have something to do with the fact on the first server https is enabled. But if this is the case, I find it strange that I do get information back but that just the POST data has gone missing.
What you have should work fine - forms came before the same-origin policy - you're allowed to submit to different domains.
If I were to hazard a guess, I'd say there's a 301 or 302 redirect getting in there somehow? Follow the HTTP headers with Firebug for example to be sure.
As others have said, there should be no problem doing this. I would suggest replacing your test.php script with something simple, like this
<?php
echo "<pre>";
var_dump($_POST);
echo "</pre>";
You should find it works, which means the blame lies somewhere in the "real" script...
Maybe also a timesaver:
If you POST to domain.com make sure it doesn't get redirected to www.domain.com.
The redirect doesn't take the POST variables into account , only GETvariables.
If it does get redirected to the www.domain.com add the www. in your POST-action
Thank you. I too found out that redirection to www and https was blocking the performance of my $_POST request.
By changing my action to include https://www.
I fixed my problem.
Thank you
Related
I've recently migrated servers and found that all $_POST requests on my website are no longer working. The requests always successfully redirect to the 'post' page, but no data is sent and print_r($_POST) always turns up an empty string. I believe this issue has something to do with PHP's settings because the problem occurs over multiple pages which were working fine on the previous server (GET requests seem to still be working fine).
I created a test.php file in my home directory with a very simple POST form to try to rule out any variables.
<?php print_r($_POST); ?>
<form action="test.php" method="POST">
Name: <input type="text" name="name"><br>
<input type="submit">
</form>
the page always prints only an empty the array Array ( )
Any help would be greatly appreciated, I'm sure its something simple but google doesn't seem to have the answer :(
I've realized the issue was in my .htaccess file. My POSTS were being stripped of their extensions and losing all the post data.
this topic php $_POST array empty upon form submission was the most help
I'm a bit confused about this. I'm hoping it's something wildly obvious I've missed! I have a very simple form:
<form class="form-signin" role="form" name="login" method="POST" action="/page">
<input type="password" name="password" />
<input type="submit" value="Sign in" />
</form>
Note: this page lives at /page and is echoed after the following HTML:
On /page I have this at the very top of the file:
<?php
var_dump($_SERVER['REQUEST_METHOD']);
For some reason, it always shows up as GET when I submit this form. If I take the action="/page" part out then it shows up as POST. What am I missing here?
Note: Even when I load the page, then put at exit after the above var_dump() call, it still shows GET.
In the inspector's timeline I see this for the request:
Thanks to the comments to my question I have found the answer to be in apache configuration. It appears that, because the index.php file is inside a folder called page, apache will automatically redirect to the page with a slash on it. This is the default setting as seen in the Apache directorySlash documentation.
As they warn against turning this off, I will just change the url to what I'm posting. Alternatively, of course, I could add a .htaccess file with proper rewrite rules setup.\
Thanks for everyone's help! As a side note, Safari's inspector left me a little wanting in this case. Chrome turned out to be a far better option for testing.
In one site, www.example.com, I have a form. It is processed and stored in its database.
Is it possible to send this form data also to another site (www.client-site.com)? It is located on a different server. And this client-site should receive the data and store it on its own database.
I am not sure of the terminology and what should I've been looking for.
Tested different search queries here in SO and this is what most resembles it:
[php] [mysql] +form +"$_post" +external
I'd like to develop this with PHP and the databases run MySQL, and surely security is important in this data transaction.
And hoping this is not a SOAP matter... ;)
Justification:
www.example.com runs a mini site of one of my clients
www.client-site.com is the client main site
being a large company, they cannot provide me credentials to their main site database
I have to propose an alternate solution
You will need to have something like a webservice (this is the word you are looking for) on site b which you can use from the code within your site a.
SOAP is one possibility to create a webservice, but there are many other possibilities. One is shown in this answer on stackoverflow.
NEVER EVER try to archiv this using forms and something like cURL!
Further you should look for proper authorization on your endpoint (site b) and ensure that ssl is used, as security is important to you.
If you have a form hosted on www.example.com like this:
<form method="post" action="http://www.client-site.com/handler.php">
...
Then the page http://www.client-site.com/handler.php will be able to access the post variables.
This is why it is important that you validate your post data in your own PHP applications as you can never be sure where the data is coming from and therefore cannot trust it.
I can think of a very ugly solution wich will do the trick :)
<script language="JavaScript">
function submitForm(theform) {
theform.action = "SITE ONE";
theform.target="myframe1";
theform.submit();
theform.target="";
theform.action = "SITE2";
theform.submit();
}
</script>
<html>
<body>
<form action="" onSubmit="submitForm(this); return false;">
<input type="text" name="userName" value="" />
<input type="Submit" />
</form>
<IFRAME name="myframe1" src="about:blank" width="0"
height="0"></IFRAME>
</body>
</html>
This is not so conventional but will do the trick !
check it out :)
I have a simple HTML form, sending a post request to a php script. In IE8, the form only works intermittently - most of the time the PHP script sees an empty $_POST variable.
Here's my code:
<html>
<head>
<title>Post test</title>
</head>
<body style="text-align: center;">
<?php
echo "<pre>".print_r($_POST, TRUE)."</pre>";
?>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<input type="text" name="name">
<input type="hidden" name="hidden" value="moo" >
<input type="submit" value="Search" >
</form>
</body>
</html>
Sometimes the print_r gives the response you'd expect (i.e. it's populated with the data from the form), most of the time it's empty.
Not being able to use POST is a bit of a problem for web applications - anyone got any ideas what's going on, and how to fix it?
Thanks everyone for wading in on this one.
It turns out the problem lay in an Apache module I had enabled.
It's a module to allow apache to use Windows authentication to identify a user via their Windows User id - mod_auth_sspi
The effect is caused by a known bug, in the module, but with a simple extra directive this can be worked around, until a fix is added in the next update, as described here:
http://sourceforge.net/projects/mod-auth-sspi/forums/forum/550583/topic/3392037
That sounds very very bizarre. Does it happen in other versions of IE as well?
I can't tell you what the problem is, but here are my suggestions on how to diagnose it:
Print $_REQUEST rather than just $_POST, to see if the data is coming in via another method.
Use a tool like Fiddler or Wireshark to track exactly what is actually being sent by the browser.
Fiddler in particular has been very helpful for me a few times (mainly when debugging Ajax code), and will tell you exactly what was posted by the browser. If your web server is localhost, you can also use Fiddler to track what is received before PHP gets its hands on it. If not, you can use wireshark on the server if you have permissions for installing that sort of thing.
In addition to Fiddler, I would have suggested a browser-based tool like Firebug, but I don't know of one for IE that is good enough (The IE dev toolbar doesn't give you details of request and response data, as far as I know).
I'm suspicious that when the script is telling you that $_POST is empty, you did not actually POST the form. You can check by adding print($_SERVER['REQUEST_METHOD']); after your print_r($_POST);
If you are posting a file some of the time (i.e. with a file input) then make sure you set enctype="multipart/form-data" in your <form> element.
Have you checked the generated html? Is it possible that echo $_SERVER['PHP_SELF'] isn't producing the output you're after, which messes up the form html, which messes up the POST?
I am using php, js, flash and mysql on 1 website.
I want to do a URL masking using frameset(or maybe iframe). Scenario:
An user click on a link, which direct him/her to my page with this url:
www.domain.com/index.php?var1=string1&var2=string2
How to mask the url so that visitor can only see www.domain.com/index.php, but actually there are some variables over there. I need the variables, but i dont want the visitors to see. How to do URL masking on this? (I dont expect to get any code, I just want to know the logic of the url masking method)
PS. I probably would not use mod_rewrite, because I dont know how to use/write the code. So please, answer with iframe/frameset methods :)
EDIT: I think I misunderstood your question, so here is another attempt:
In www.yourdomain.com/index.php:
<?php
session_start();
if (isset($_REQUEST['flashvar']) && ! isset($_SESSION['flashvar'])) {
// Store any parameters received
$_SESSION['flashvar'] = $_REQUEST['flashvar'];
// Redirecting without query parameters
header('Location: /index.php');
exit;
}
?>
<HTML>
<HEAD></HEAD>
<BODY>
<?php
echo '<embed src="player.swf?flashvar=',
urlencode($_SESSION['flashvar']), '"/>';
?>
</BODY>
</HTML>
This example will start a session and redirect the user to itself without needing to store any parameters in the query string. Naturally, it will only work if the user has cookies enabled.
Can you submit that parameters as POST data?
For example:
<form name="form1" action="index.php" method="POST">
<input type="hidden" name="var1" value="value1" />
<input type="hidden" name="var2" value="value2" />
</form>
Click me
When user clicks on the link, the form will be submitted to index.php with POST parameters var1 and var2. User will never see this parameters in their URL (still possible to see with various tools though).