s0c0 Posted August 21, 2007 Share Posted August 21, 2007 For sensitive information I've switched from a GET to an HTTPS POST for my http requests. Everything works fine, and thats what boggles my mind. My existing PHP code is set to handle GET requests, not POST requests. My JavaScript code looks like this: /* create a $_GET string strArr by looping through each form field */ var strArr = ""; for(i=0; i<document.posfrm.elements.length; i++) { strArr += document.posfrm.elements[i].name + '*' + document.posfrm.elements[i].value + '|'; } /* remove offensive characters from the $_GET string strArr */ var match="1"; while(match=="1") { if(strArr.match("#")) { strArr = strArr.replace("#", ""); match="1"; } else if(strArr.match("&")) { strArr = strArr.replace("&", ""); match="1"; } else { match="0"; } } /* $_GET url to be passed to PHP method via http request */ var url = "somePage.html?func=orderConfirmation&strArr=" + strArr; if(XMLHttpRequestObject) { XMLHttpRequestObject.open("POST", url); XMLHttpRequestObject.setRequestHeader('Content-type', 'application/x-www-form-urlencode'); XMLHttpRequestObject.onreadystatechange = function() { if (XMLHttpRequestObject.readyState == 4 && XMLHttpRequestObject.status == 200) { try { var txtDocument = XMLHttpRequestObject.responseText; validationDiv.style.height = 'auto'; validationDiv.style.border = '1px solid #000'; validationDiv.innerHTML = txtDocument; } catch(err) { progressDiv.innerHTML = ''; alert("Error submitting order"); } } } XMLHttpRequestObject.send(null); } } Now my PHP code looks like this: /* GET requests: determine what function the XMLHttpRequestObject requested */ if($_GET[func]) { switch ($_GET[func]) { case 'orderConfirmation': echo $T_POS_DEV->returnOrderConfirmation(urlencode($_GET[strArr])); break; } return; } How does this work if I am posting? Just trying to understand this stuff a little better, thanks. Quote Link to comment Share on other sites More sharing options...
1andyw Posted August 22, 2007 Share Posted August 22, 2007 This line may need a tweak: XMLHttpRequestObject.send(null); Here's an explanation: http://www.xul.fr/en-xml-ajax.html#ajax-post[\url] Andy Quote Link to comment Share on other sites More sharing options...
s0c0 Posted August 22, 2007 Author Share Posted August 22, 2007 Andy, I'm not sure I understand. The line of code you pointed out comes after the response so how does this affect anything? From the page you post, it looks as if I should be using this: xhr.send(data); after declaring the content-type, but the page appears a bit skimpy on its explanation. Got that particular way of making such a request from some out-date book at the library Quote Link to comment Share on other sites More sharing options...
s0c0 Posted August 22, 2007 Author Share Posted August 22, 2007 Figured out the problem. I was not doing a true POST. My JavaScript code was executing an HTTP POST, but the URL I was posting to contained all the old URL strings. So it posted nothing and when my PHP code saw all those GET values it got excited and did its thing. I've now fully switched over and things are working great. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.