Activity Stream
Quick Links
48,167 MEMBERS
6886 ONLINE
Register Now
besthostingforums On YouTube Subscribe to our Newsletter besthostingforums On Twitter besthostingforums On Facebook besthostingforums On facebook groups

Results 1 to 3 of 3
  1. 24th Apr 2012, 02:37 PM
        
    #1
    NewBiee is offline
    OP
    NewBiee
    Member

    Default Get to Post (PHP)

    Hi, I'm recently having problems using Get because it shows a lot of vulnerabilities. What I need now is how do I work around this sample code?

    PHP Code: 
    <?php header("refresh:2;url=client_view.php?un=$un"); } ?>
    So basically, it refreshes to the url xxx/client_view.php?un=$un
    so I'm using to get the values of $un usting the GET method. Because of this, there would be a lot of vulnurabilites.

    How do make my way to send the $un to client_view.php without using GET but POST and also, it don't want it to have buttons to submit one.
    NewBiee Reviewed by NewBiee on . Get to Post (PHP) Hi, I'm recently having problems using Get because it shows a lot of vulnerabilities. What I need now is how do I work around this sample code? <?php header("refresh:2;url=client_view.php?un=$un"); } ?> So basically, it refreshes to the url xxx/client_view.php?un=$un so I'm using to get the values of $un usting the GET method. Because of this, there would be a lot of vulnurabilites. How do make my way to send the $un to client_view.php without using GET but POST and also, it Rating: 5
    Reply With QuoteRegister To Reply Ping this articlePing

    2.   Sponsored Links

  2. 24th Apr 2012, 06:21 PM
        
    #2
    MarPlo is offline
    MarPlo
    Member
    Website's: 
    
CoursesWeb.net
MarPlo.net
    Hi,
    You can use cUrl to send data via POST from php to an url address, and then to get the response.
    You can find on the net details about cUrl.
    Or, you can add the value of $un into a SESSION, then, in client_view.php you get that value from SESSION.
    Reply With QuoteRegister To Reply
  3. 24th Apr 2012, 06:39 PM
        
    #3
    Putin is offline
    Putin
    Member
    both POST and GET have the same amount of vulnerabilities ... it's just POST requires TamperData or a URLSnooper addon to change the POST'd data.

    anyway, you cannot 'refresh' or 'location' via php headers to POST data .. you'd have to use a HTML form with the method set to POST and use javascript to autosubmit it (as I assume you want to autosubmit it since your PHP script is refreshing).

    Edit: like marplo suggested, the best way to make it not vulnerable is to store the GET into a SESSION rather so it's not visible / tamperable by the front-end user (since it'd be handled server-side).

    POST is user-side just like GET - so SESSION would be your best solution.
    Reply With QuoteRegister To Reply
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Advance Post Generator 1.2.5 Beta (With Post Type)
    By WaReZ in forum Webmaster Resources
    Replies: 21
    Last Post: 21st Jun 2012, 12:35 PM
  2. Correction!!Rapid Post Creator!!Free!!Create Your Post Very Fast!!!735 Kb
    By senorweb in forum Webmaster Resources
    Replies: 11
    Last Post: 21st May 2011, 01:08 PM
  3. Rapid Post Creator!!Free!!Create Your Post Very Fast!!!735 Kb
    By senorweb in forum Webmaster Resources
    Replies: 1
    Last Post: 16th May 2011, 04:53 PM
  4. Advance Post Generator 1.2 (IMDB Grabber | Dual Output | Preview Post)
    By WaReZ in forum Webmaster Resources
    Replies: 15
    Last Post: 30th Apr 2011, 06:05 PM
  5. Advance Post Generator 1.1 (IMDB Grabber | Posting Buttons | Save Post)
    By WaReZ in forum Webmaster Resources
    Replies: 27
    Last Post: 30th Apr 2011, 06:05 PM

Tags for this Thread

BE SOCIAL
FAQ | SITEMAP
Copyright ® 2008 - 2015 besthostingforums.com
Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.
BestHostingForums.com is a great place to learn about Internet Marketing Online, SEO Techniques, Search Engine Marketing and resources for Web Development.