Jump to content

POST data in a link..

Cless

By Cless
in PHP Coding Help

 Share

Recommended Posts

akitchin Regular Member

akitchin

Posted
Posted

sending parameters via URL (which is the only really feasible way to submit information by link) will result in a GET request rather than a POST request.  POST requests result either from painstakingly built manual HTTP headers, cURL usage, or through a plain old form.

 

if you simply seek to use a link as a form submission method as opposed to a submit button, it's possible with javascript.  in hinging on javascript for form submission, however, you alienate anyone with javascript disabled or unsupported.

Link to comment
Share on other sites
Cless Regular Member

Cless

Posted
  • Author
Posted

Hmm, I see. The thing is, I need to make it so when a person clicks a link, it changes a row in a certain table... the only way I know how to do that is using values, checking if that value is set, execute the action, and the sort. If I use GET, they will be able to change the link to get to a certain place, which I do not want... >_> With POST, you can just stay on one page. :D

Link to comment
Share on other sites
akitchin Regular Member

akitchin

Posted
Posted

well then your options are to use a link to submit a form POSTwise with javascript, or you'll just have to be careful what kind of access you give out for URL values.  if you're keeping the user on your site the whole time, you COULD set a hash in their SESSION array on the page you generate the link, send that along with the link, and verify that they match.  this would avoid anyone from accessing your update link from anywhere apart where you generate it:

 

page_before.php:

 

if (!isset($_SESSION['hash_check']) || empty($_SESSION['hash_check']))
{
  $_SESSION['hash_check'] = md5(mt_rand());
}

// generate/echo the link with the update information and their hash check

 

update_page.php:

 

if (isset($_SESSION['hash_check']) && isset($_GET['hash_check']) && $_SESSION['hash_check'] = $_GET['hash_check'])
{
  // kill the hash_check in the session so that if they try again, they can't use the same hash - they'll have to visit the other page again
  // do the update
}
else
{
  // don't do the update
}

 

you'll need to make sure you're propagating sessions using session_start(); throughout the site.  keep in mind this doesn't necessarily stop anyone from simply grabbing their hash from the generated link and replacing the row update info with their own - all it does is force them to use the page_before.php in order to access your update form.

 

you can keep people on the same page with GET as well, except that you're checking for GET request info before updating rather than using POST.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.