I am using php, js, flash and mysql on 1 website.
I want to do a URL masking using frameset(or maybe iframe). Scenario:
An user click on a link, which direct him/her to my page with this url:
www.domain.com/index.php?var1=string1&var2=string2
How to mask the url so that visitor can only see www.domain.com/index.php, but actually there are some variables over there. I need the variables, but i dont want the visitors to see. How to do URL masking on this? (I dont expect to get any code, I just want to know the logic of the url masking method)
PS. I probably would not use mod_rewrite, because I dont know how to use/write the code. So please, answer with iframe/frameset methods :)
EDIT: I think I misunderstood your question, so here is another attempt:
In www.yourdomain.com/index.php:
<?php
session_start();
if (isset($_REQUEST['flashvar']) && ! isset($_SESSION['flashvar'])) {
// Store any parameters received
$_SESSION['flashvar'] = $_REQUEST['flashvar'];
// Redirecting without query parameters
header('Location: /index.php');
exit;
}
?>
<HTML>
<HEAD></HEAD>
<BODY>
<?php
echo '<embed src="player.swf?flashvar=',
urlencode($_SESSION['flashvar']), '"/>';
?>
</BODY>
</HTML>
This example will start a session and redirect the user to itself without needing to store any parameters in the query string. Naturally, it will only work if the user has cookies enabled.
Can you submit that parameters as POST data?
For example:
<form name="form1" action="index.php" method="POST">
<input type="hidden" name="var1" value="value1" />
<input type="hidden" name="var2" value="value2" />
</form>
Click me
When user clicks on the link, the form will be submitted to index.php with POST parameters var1 and var2. User will never see this parameters in their URL (still possible to see with various tools though).
Related
I am working on PHP/MySQL project with a modest CMS.
I am working on a page called - index.php?page=personnel - where I am trying to update a personnel in the database.
On that page I have an included form with - action="?editpersonnel" method="post"
Meanwhile, in PHP:
if (isset($_GET['editpersonnel'])) {
... // update personell ...
header('Location: .');
exit();
... idea being that when the form is submitted the script updates the personnel and then redirects back to itself.
Unfortunately, when I submit the form, instead of reloading the desired 'index.php?page=personnel' the script simply ads 'editpersonnel' to index.php so I end up with
index.php?editpersonnel
And by the way, none of the updates happen either...
Actually, it completely disregards everything after - if (isset($_GET['editpersonnel'])) - so I guess that's were the problem is...
Any ideas what might be causing such a behavior?
p.s.
Form is dynamically populated, so this is its page source:
Name:
Email:
Set password:
You need to use $_GET to be able to use something like that. Change your form's method to GET.
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="GET">
<input type="text" name="editpersonnel" />
<input type="submit" value="submit">
</form>
Something like that should work.
You are passing the form data by POST method and then trying to access them via GET
You have two possible solutions, see which one is more suitable for your case.
Change form method to GET
<form action="?editpersonnel" method="GET">
OR
Change access method in PHP to POST
if (isset($_POST['editpersonnel'])) {
... // update personell ...
header('Location: .');
exit();
}
I want to automate some tests on my webpage, mainly filling out forms with invalid data and see what happens. Is is possible with Javascript? If not, is it possible with PHP? The script should handle sessions and cookies.
Here is a very simple example that has 3 pages. In the first you should enter 'x' and click submit, in the second you should enter '3' and click submit. If that was successful the last page should show you "you got it!". Can that be automated so that I load a script and see the "you got it" right away? Please note: This has no cookies\sessions for simplicity, but I want an answer that dose support those.
I have tried making another page with iframe that includes the site above. But could not gain access to the elements inside the iframe
I have tried making an PHP script using cURL, that sends requests, but I could not forward cookies.
I have posted an comment on this answer but didn't get a reply.
For your convenience, here is the code: (you don't really need it, but just in case..)
index.html
<!DOCTYPE html>
<html>
First page: please enter x
<form method="post" action="next.php">
<input type="text" id="id" name="id" />
<input type="submit" />
</form>
<html>
next.php
<?php
if(isset($_POST) && isset($_POST['id']) && $_POST['id']!='x'){
echo '<script>window.location = "http://www.cs.bgu.ac.il/~kahilm/myNavigator/";</script>';
}
?>
<!DOCTYPE html>
<html>
Second page: please enter 3
<form method="POST" action="last.php">
<input type="text" name="code" />
<input type="submit" />
</form>
</html>
last.php
<?php
if(isset($_POST) && isset($_POST['code']) && $_POST['code']=='3'){
echo 'you got it!';
}else{
echo 'you sent something, please make it a "3"... :)';
}
?>
Consider the Selenium browser automation framework - it allows you to navigate through pages, verify conditions, fill in forms. Very stable, very mature.
http://seleniumhq.org/
You should look at programatically controlling a browser to perform this type of test. Selenium is a popular option, and has PHP bindings mentioned in the documentation (although I usually use Perl or Python).
PHP-based solution: Won't test from the front-end, only the server-backend, hence won't emulate real input.
JS: Will not persist across pages.
Hence, you are either looking for a browser-extension or a standalone utility separate from the browser entirely.
You could try:
Sikuli which however is generic, not targeted at web-pages, but at GUIs in general.
WatiN or Selenium
Is there anyway to redirect the user after posting a HTML form?
I have a form which looks like this
<form action="/URL/" method="post">
<input type="radio" name="answer" value="W" />W<br />
<input type="radio" name="answer" value="X" />X<br />
<input type="radio" name="answer" value="Y" />Y<br />
<input type="radio" name="answer" value="Z" />Z<br />
<input type="submit" />
</form>
Is there anyway I can redirect the user to a new page after they click the submit button? I found a bit of javascript however that seemed to stop the post from working :S
Cheers!
If you're using PHP, do it on the server:
if( isset( $_POST['answer'])) {
header( 'Location: http://www.example.com/newurl');
exit();
}
Note that you should be using a full URL in the header() call, and that you likely want to exit() after calling header() in this case.
You can use a simple php header('yourlocation.php'); to move them away from the form.
The PHP that your form action pointed to will still continue executing even if your header() is at the top of the php file.
The header redirect will take care of the user hitting refresh - it has already moved them past the point of sending form data, so even if they refresh, it will just open the page again sans any form submissions.
An example is as fololows:
<?php
/* This will give an error. Note the output
* above, which is before the header() call */
// Process Form Data, insert to database, whatever you want... then
header('Location: http://www.example.com/');
?>
The user then ends up at wwww.example.com and they can spam refresh as much as they like, but all the processing has already taken place. It won't resend the information (or process their payment again or anything else).
Yes, use a redirect header:
header("Location: http://new.location.com/w00t");
This must be called before any output is sent.
Take note that everything after the header call would still be executed! So you'll need die() or exit() afterwards to prevent unexpected results.
You can just simply specify URL to which form will go after being submitted.
<form action="http://localhost/redirected.php" method="post">
You can check with PHP whether form is submitted and then redirect:
if (isset($_POST['answer']))
header('Location: redirect.php');
And You can achieve this with javascript/jquery.
$('#submit_button').click(function () {
// do everything with variables
window.location = 'redirect.php';
});
Yep, just post the data using ajax and then use window.location = 'http://xxxx.com' to redirect user to location of your choice.
That's assuming you want to redirect user without using server-side location headers (like the other ones posted).
I have a search form on my site,
and I want to pass the text in the form to the URL,
like: mysite.com/search.php?q=apples (if search word was apples).
I figure that way people can bookmark their searches.
One solution I thought would be to catch the searchword in search.php and then reload into a new made URL. But it's not very elegant to reload like that. So how can I do it - I mean, how is it normally done? Do I need to use jQuery?
Clarification: I know how to get the vars from the URL in php. What I need is to control the URL that will be opened when the user presses SUBMIT, and the URL needs to contain the user's search word! Just like Google or DuckDuckGo, I put "apples" and the URL becomes ...?q=apples. But - how?! (Then I'll pick that up in the search.php, of course, but I know how to do that.) This is what I have now:
<div id="topnav">
<form action="search.php" method="post">
<input name="searchword" type="text">
<input type="submit">
</form>
Thank you so much.
Upon reading the clarification. What you need is a search form that submits to your search.php for example:
<form action="search.php" method="get">
<input type="text" value="search word" name="q" />
<input type="submit" value="submit" />
</form>
This will pass whatever value entered in the input named q to the search.php script.
If you post a HTML form which includes a text field with name 'q' and value 'apples' then the URL you want is automatically created by the browser. You definitely don't need JQuery for that.
how about using the POST-Redirect-GET pattern? [http://en.wikipedia.org/wiki/Post/Redirect/Get] also http://blog.andreloker.de/post/2008/06/Post-Redirect-Get.aspx
This would allow you to keep the url in the browser:
yoursite.com/search.php?q=apples
Alternatively, you can use javascript to set the location.hash of the url in the browser w/ the query information after the postback; I suspect this is actually what Google does.
eg,
yoursite.com/search.php#apples
So the form action would be search.php, the field would be called q and the method would be Get?
You should be able to handle all this from the html form if I'm understanding what it is you're trying to achieve.
if you have a form then must have declared form methoed POST/GET
in you search.php you can simply do this $_POST['name of the input field'] to get the word string,
and if you want to pass variable in url then you need to make a link through Link
I understand that I am able to use the POST method for URL parameters to display data according to a specific variable, I know how to make use of the GET method - but I am told that the POST method can be used to hide the part of the URL that is like this.
/data.php?parameter=1234
What is the actual difference of the two methods in terms of URL parameters?
Below is some code that fetches data from a database according to the id of a specific link
<?php
//This includes the variables, adjusted within the 'config.php file' and the functions from the 'functions.php' - the config variables are adjusted prior to anything else.
require('configs/config.php');
require('configs/functions.php');
//This is the actual interaction with the database, according to the id.
$query = mysql_query("SELECT * FROM table WHERE id=" .$_GET['id'] . ";") or die("An error has occurred");
//This re-directs to an error page the user preventing them from viewing the page if there are no rows with data equal to the query.
if( mysql_num_rows($query) < 1 )
{
header('Location: 404.php');
exit;
}
//Here each cell in the database is fetched and assigned a variable.
while($row = mysql_fetch_array($query))
{
$id = $row['id'];
$title = $row['title'];
$month = $row['month'];
$day = $row['day'];
$photo = $row['photo'];
$text = $row['text'];
}
?>
On a separate page I generate links to the data.php file according to the ID like so:
<?php echo $content['title']; ?>
Forgetting that there are potential SQL injections that can occur through the above code, how would I go about making use of the POST method in order to hide the URL parameters, or at least not display them like this:
http://example.com/data.php?id=1
In order to use POST, you will need to use a <form> tag, and depending on how you are pulling up these URLs, it could be easier to use javascript to help out. Here's a basic example:
<form method="post" action="data.php">
<input type="hidden" name="parameter" value="1234" />
<input type="submit" value="Go" />
</form>
The Go button would POST the form data, and now in data.php you will be able to retrieve the value from $_POST['parameter']. Note that when using POST, you will probably want to redirect (HTTP 302) back to a page so that when a user hits the back button, the browser doesn't prompt to resubmit the form.
Using javascript, you could set the parameter input to a different value before posting the form.
Use method "POST" for your form. I had the same issue, just adding POST to the form removed the parameters from the URL
<form id="abc" name="abc" action="someaction.php" method="post">
<input type="text" id="username" name="username"/>
<input type="password" id="password" name="password"/>
<input type="submit" id="submit" name="submit" value="submit"/>
</form>
To POST values, a browser would have to use a form with method="post", or javascript simulating a form. Various developer tools (fireug, etc) can convert GET forms to POST forms, but generally, a form is what is required.
In theory GET requests should not have any side effects, and "should" be consistent from request to request. That is, the server should return the same content. In todays world of just about everything being dynamic, this might be of little practical design significance.
Whether you use GET or POST, the parameters will appear in $_REQUEST. The critical difference is that using POST allows the variables NOT to appear in URL history. This decreases the visibility of data such as passwords which you do not want to show up in URL history. To use POST instead of GET, simply produce <form method="POST" ...> in the document.
Even better is to store sensitive values (like user ids) in cookies, so that they don't appear in $_REQUEST at all. Since the contents of cookies are provided in extra HTTP request headers, not in the content, they are generally not stored as part of the history.
In order to use POST instead of GET, you would need to use an HTML form tag in your html, like so:
<form method="POST" action="/data.php">
<input type="hidden" name="parameter" value="1234" />
<button type="submit">Submit</button>
</form>
When submitted, your URL will just be /data.php and parameter=1234 will be in your (hidden) post buffer.
Make sense?
To do a POST, you have to use a form, or some javascript/ajax trickery. An <a> will only ever cause a GET request.
Note that POST requests can still have query parameters in the URL. It's not "normal" to have them, but they are allowed. The main difference being that with a GET request (ignoring cookies), the URL is the ONLY way to send parameters/data to the server. With POST, you can use both the URL, and the body of the POST request, which is where POSTed form data is normally placed.