POST data in a link..

[Cless]

Hello.

 

Is it possible to to send POST data if you click a link? Such as, using a link to replace a submit button. A submit button usually has a value. (value=""). Could you do this in a link?

 

Thanks.

[akitchin]

sending parameters via URL (which is the only really feasible way to submit information by link) will result in a GET request rather than a POST request.  POST requests result either from painstakingly built manual HTTP headers, cURL usage, or through a plain old form.

 

if you simply seek to use a link as a form submission method as opposed to a submit button, it's possible with javascript.  in hinging on javascript for form submission, however, you alienate anyone with javascript disabled or unsupported.

[Cless]

Hmm, I see. The thing is, I need to make it so when a person clicks a link, it changes a row in a certain table... the only way I know how to do that is using values, checking if that value is set, execute the action, and the sort. If I use GET, they will be able to change the link to get to a certain place, which I do not want... >_> With POST, you can just stay on one page.

[akitchin]

well then your options are to use a link to submit a form POSTwise with javascript, or you'll just have to be careful what kind of access you give out for URL values.  if you're keeping the user on your site the whole time, you COULD set a hash in their SESSION array on the page you generate the link, send that along with the link, and verify that they match.  this would avoid anyone from accessing your update link from anywhere apart where you generate it:

 

page_before.php:

 

if (!isset($_SESSION['hash_check']) || empty($_SESSION['hash_check']))
{
  $_SESSION['hash_check'] = md5(mt_rand());
}

// generate/echo the link with the update information and their hash check

 

update_page.php:

 

if (isset($_SESSION['hash_check']) && isset($_GET['hash_check']) && $_SESSION['hash_check'] = $_GET['hash_check'])
{
  // kill the hash_check in the session so that if they try again, they can't use the same hash - they'll have to visit the other page again
  // do the update
}
else
{
  // don't do the update
}

 

you'll need to make sure you're propagating sessions using session_start(); throughout the site.  keep in mind this doesn't necessarily stop anyone from simply grabbing their hash from the generated link and replacing the row update info with their own - all it does is force them to use the page_before.php in order to access your update form.

 

you can keep people on the same page with GET as well, except that you're checking for GET request info before updating rather than using POST.

[Cless]

Oh. Great. Thank you. I will try it out later. I've gotta get going. ;p