Can i send for example a string or another piece of information to another .php file without it being exposed [thus not by GET but by POST conform to what i know] without using a form?
A:
You could use AJAX to send a POST request if you don't want forms.
Using jquery $.post method it is pretty simple:
$.post('/foo.php', { key1: 'value1', key2: 'value2' }, function(result) {
alert('successfully posted key1=value1&key2=value2 to foo.php');
});
Darin Dimitrov
2010-09-23 17:22:45
how do i do that?
Samuel
2010-09-23 17:25:52
That is javascript. AJAX = Asynchronous Javascript And XML
Gazler
2010-09-23 17:26:57
@Samuel, now if you say that no javascript is allowed then things become rather impossible :-)
Darin Dimitrov
2010-09-23 17:29:16
I didn't know AJAX was Javascript and I can't really use Javascript
Samuel
2010-09-23 17:30:42
What can you use in fact? Are you developing a web site or something else because saying that you cannot use forms and javascript seems like you start with a great handicap in web development from the beginning? Is it because technically you don't know javascript or there's some other reason?
Darin Dimitrov
2010-09-23 17:31:48
i can't use javascript for core functions and i was looking for ways to pass along information without forms, i could maybe use hidden forms but i was looking for a more elegant way (i completely forgot about sessions)
Samuel
2010-09-23 17:38:35
+1
A:
If you don't want your data to be seen by the user, use a PHP session.
Data in a post request is still accessible (and manipulable) by the user.
Checkout this tutorial on PHP Sessions.
Stephen Holiday
2010-09-23 17:24:44
this not a good soloution, also if the author accepted this as a workaround. also sessions are way easier to hijack than manupilating a post request (ie. by a "man in the middle" attack)
zolex
2010-09-23 18:17:32
Why is this a bad solution? Perhaps Samuel's process is such that hijacking the session is not an issue. The only way to truly solve session hijacking (in a unobtrusive way) is using SSL for all session related requests. If Samuel was worried about the data being leaked, he should use SSL.
Stephen Holiday
2010-09-23 18:30:43
@zolex, what is so difficult about intercepting post data? Sitting in a coffee shop with WireShark running is all you need to hijack POST data. Recreate the request with cookies and post data, and you are good to go. If you consider sessions to be a bad solution, then SSL is the only good solution.
Stargazer712
2010-09-24 18:44:59
classical user-fail when sending sensitive data from a coffee shop ;) and btw, the question was how to send post data with php, to not expose the data in the url so ie. it wont get logged by the webserver etc. i think this was the main purpose... my answer really answers teh question and does not provide some overhead workaround like yours. well if he's fine with that. KISS ;)
zolex
2010-09-25 00:25:19
A:
have a look at the php documentation for theese functions you can send post reqeust using them.
fsockopen()
fputs()
or simply use a class like Zend_Http_Client which is also based on socket-conenctions.
also found a neat example using google...
zolex
2010-09-23 18:16:01