Redirect with POST variables

[pentan]

I couldn't find anything in past posts so apologies if this has been answered before.  How can I set up, using PHP alone, a redirect to an outside page with POST variables attached?  I've looked at cURL and the header() function and can't find any way to do it. 

 

Thanks,

Michael

[The Little Guy]

could you please give an example?

[947740]

Post variables only work on the page right after the form submission.  You would have to use sessions to pass the variables along to subsequent pages.

[ryanhowdy]

Something like this?

 

if (isset($_POST['your_post_var'])) {
  echo "<meta http-equiv='refresh' content='0;URL=yahoo.com'>";
}

[JasonLewis]

No, you could have an exact replica of the form on the page but make all the fields hidden. Then using javascript and the body's onload you can submit this form whose action is the outside page. Could work.

[pentan]

I need to avoid sending any of the post data to the browser due to security concerns.  So I want to do something like:

 

$var2post="big=ben&tom=jerry";

 

header( location: "https://www.outsidesitethatidontcontrol.com",$var2post);

 

 

I'm not seeing any curl function that will redirect after posting the variables to the remote site. 

 

Michael

[haku]

Use this to redirect to the remote site:

 

header( location: "https://www.outsidesitethatidontcontrol.com" . $var2post);

 

Then on the remote site you can access those variables using $_GET['big'] and $_GET['tom'].

[The Little Guy]

you are both wrong, the quotes need to be around the location: too, so it would/could look like this:

 

<?php header( "location: https://www.outsidesitethatidontcontrol.com".$var2post);?>

[haku]

My bad, I just copied his code and changed the comma.

[pentan]

Again, it needs to be POST variables, not GET variables.

 

Michael

[TecBrat]

can you not just point the form's action to the offsite page? (unless you need to do something with the values first.)

[haku]

I've never tried it, but maybe you could set the action of the form as being the remote address.

 

Other than that, why does it have to be post and not get?

[DarkWater]

POST holds more data and is more secure.  I think it can be done with cURL.  Read up on cURL in the PHP manual.

[haku]

Post cannot and should not be considered as secure. While POST is more secure than GET, in that you cannot see the variables in the URL, it's still easily manipulated by someone who knows what they are doing (and those are most likely the people that the OP is attempting to protect against).

 

I still don't see the problem with GET for this situation - send the variables to the remote server using GET, then GET them, process them, and redirect the page so that they are not visible anymore.

[DarkWater]

@haku, I know, it's just slightly more secure than GET.  I tamper with POST data all the time on sites to see how they work.  Rather fun. =)