Client-side validation and subsequent re-posting to another host?

[Goose68]

Hi All... 1st post! [img src=\"style_emoticons/[#EMO_DIR#]/laugh.gif\" style=\"vertical-align:middle\" emoid=\":laugh:\" border=\"0\" alt=\"laugh.gif\" /]

I have a little problem I'm trying to figure out so let me lay it out here for ya.

I have my own php Form A, which posts to php Script B. Script B validates the fields and makes some decisions and then either 1) does a 'header: location' back to Form A if validation fails, or 2) dumps the stuff into a local DB and then 'header: location' to Thank You page. I am using Sessions so that I can re-populate the form fields with their original entries if the form validation fails.

That all works fine.

Recently, things have changed and I now have to post my data to an EXTERNAL host, using a regular POST method. I thought that I could just keep things as they are, POSTing to my local Script B and doing validation, and then just re-POST the data from my Script B (action) page to this External host instead of writing to my local DB. However now that Im digging into it, Im at a loss.

I can't really find much on this, though doing searches returns lots of stuff on 'reposting form data' and how to KEEP it from happening... and they dont exactly apply to my case, as far as i can determine.

Can anyone give me a clue as to how exactly I go about doing this the RIGHT WAY?

Options I can see are:

1) Possibly doing the 'header: location' on Script B page to re-direct the form POST to external host. Supposedly possible by sending a ... header("HTTP/1.0 307 Temporary redirect"); [per php.net's comments]. But it also mentions that if you have to do this your code may need looking at.
Haven't tried this, but don't want to go this route if its a bit "No No"

2) Maybe I can Execute and external wget or something to initiate a new 'POST' request but somehow passing in the same post data? Not sure if this is even doable, because im not sure how to code the raw POST request yet...

3) Throwing out my whole PHP setup... Re-doing all my Server-side validation with client-side Javascript validation, and doing a normal POST to external host straight from the original form.
This is NOT what I want to do, because its the most work and I don't have time to do it by the time this is due. However, if this is the only "right" way to do this, I will reconsider this option.

Anything else I can do? Or confirm one of the above approaches?

Thanks for any help.

[.josh]

you would do it like you normally would, except in the form action just put the url of the target hostname:

[a href=\"http://www.somesite.com/form.html\" target=\"_blank\"]http://www.somesite.com/form.html[/a]
[code]
<form action = 'http://www.someothersite.com/blah.php' method = 'post'>
   <input type = 'text' name = 'test'>
</form>
[/code]

[a href=\"http://www.someothersite.com/blah.php\" target=\"_blank\"]http://www.someothersite.com/blah.php[/a]
[code]
$test = $_POST['test'];
echo $test;
[/code]

[Goose68]

Yes... but that would be my Option 3, yes? Throwing out all my [local] server-side validation code and having to rewrite all that in Javascript client side... Im trying to avoid this.

Is that my best option here?

Is there another way, either options 1 or 2 (in my OP), or an even better way, which allows me to keep my existing setup and just re-post the data to the external host?

I currently cannot just change the action='URL' because that is the URL for my validation php file... its AFTER that validation file gets the POST that I need to re-POST the data to the external domain.

[.josh]

only thing i can think of is redirect to the external url in your validation script using the header function but pass the vars in the url and retrieve them using $_GET but that's not exactly secure...

what i don't understand is... why are you doing this again? if you have access to this target site, why not just put all of the script over there, and do an automatic redirect to your forms to that new site? in other words, I'm not sure i really understand you when you say

"Recently, things have changed and I now have to post my data to an EXTERNAL host, using a regular POST method."

or.. if you need to store data in a db on another server, you can also access the info from the first server, by changing the host name from 'locahost' to the host db address. you have to set the target server to allow external access tho...

[Goose68]

ah, yes... the reason is this...

While the forms currently post only to our local database (completely under my control) the data now has to post to an externally hosted CRM (namely Salesforce.com). Now, the only way for me to get data to them is just a regular POST and thats it, no code, and the return URL is back on my server.

I can't move my validation code over to their side. All validation / processing needs to be done before I post it to them. So I'm basically left with either figuring out how to re-post, or having to do all my validation via javascript and make the inital post straight to their servers.

So this is basically me trying to get my form data into their lead bucket without re-doing everything on my side a completely different way.

... definately don't want to do a subsequent GET... mostly because I think the data would exceed the QS parameter length limit...

Let me know if Im missing something simple here...

and thanks for your replies thus far.

[.josh]

umm.. okay, using some javascript, I THINK this might work:

okay, let's assume here that you get the user's info or whatever, and you need to update your own database, and then send the info to this 3rd party. So in your own update or process script, after you update your own database, let's assume one of the variables is the user's name, and let's say it's stored in $name. so after the update, you could do this:

[code]
$sendinfo = "<form name='formblah' method='POST' action='http://www.othersite.com'>";
$sendinfo.="<input type='hidden' name='variabletosend' value=''>";
$sendinfo.="</form>";
$sendinfo.="<script type='text/javascript' language='JavaScript'>";
$sendinfo.="document.formblah.variabletosend.value = " . $name . ";";
$sendinfo.="document.formblah.submit();";
$sendinfo.="</script>";

echo $sendinfo;
[/code]

Basically what we are attempting to do is, after you were to update your own database, instead of printing a thank you message or a header redirect to some thank you page or something, we will make another form with hidden inputs with the variable names that are accepted by the other site (listed here as 'variabletosend'), then use a bit of javascript to "fill out" this hidden form, and then automatically submit the form to othersite.com.

frankly, i have no idea if this will actually work. my javascript is shady at best, so i don't know if this is allowed or not... let me know!

[.josh]

hey sorry, I think it really does work! but i made a typo with some quotes:

[code]
$sendinfo = "<body><form name='formblah' method='POST' action='http://www.othersite.com/'>";
$sendinfo.="<input type='hidden' name='variabletosend' value=''>";
$sendinfo.="</form>";
$sendinfo.="<script type='text/javascript' language='JavaScript'>";
$sendinfo.="document.formblah.variabletosend.value = '" . $name . "';";
$sendinfo.="document.formblah.submit();";
$sendinfo.="</script></body>";

echo $sendinfo;
[/code]

[Goose68]

Hi again Crayon,

Well I didnt want to just leave this hanging since you tried to help. I found this page which ended up being just what I needed...

[a href=\"http://www.faqts.com/knowledge_base/view.phtml/aid/15705\" target=\"_blank\"]http://www.faqts.com/knowledge_base/view.phtml/aid/15705[/a]

if you read through this I needed/used method 2b (the second 'by hand' POST method described). It works great and gives me total control over what happens before/after.

Thanks again and hopefully that link is useful to you as well.