>>header("Location http://www.domain.net/script.php? >>fsi=dgfs&login=password=refergf4";) >> >Don't forget your colon after "Location" in the function call. Browsers >might be able to interpret it anyway, but it's wrong and might break >somewhere. > >>The problem is this redirection is being done with the GET method, so >>all query string will be shown. How can I make this redirection use the >>POST method? >> >You can't. This "redirection" is just a way of informing the browser >that it needs to to to the location identified in the "Location" header >to receive the content it desires. Even if a POST method was used in the >request, the GET method will be used in all 300 range responses.
I don't even know what you're trying to say here... But I don't think any of the 3xx responses give a damn whether it's GET or POST data coming in a priori. Not saying you couldn't hack your PHP or your server to do something different and return something other than 3xx based on a GET or POST request, mind you. >>Anybody know of an easy hack? I know there is a way but that requires me >to re-compile PHP , which I >>cant do. >> >I'm guessing the "way" you speak of is having the server do the POST >itself using a PHP extension. This isn't the same thing. You can't >exactly *force* the browser to submit a POST request. It's a good thing. :) And this is patently false. You send the right data to a web-server, and it looks like a POST, and that's what you got. Spew that out to the browser, and there it is... Oh. Okay, no, the Location bar will still show your URL, not the destination URL. I see what you mean... I think the guy just wants the POST data and doesn't care what the user sees in the Location box... If I'm wrong on that score, apologies all around :-) If you just want the damn thing to work, and it requires that you POST to the other page/server/URL, read on. Dig out Rasmus' old "posttohost" function written in PHP about, oh, 4, 5 years ago, or look in http://upperdesign.com for the solutions involving POST but not SSL (cURL is only *needed* when you need SSL, really). A Google for "posttohost and 'Rasmus Lerdorf'" ought to turn it up. At least it did the last time I answered this question... :-) Essentially you fsockopen to port 80 on the other guy's web-server, spew the right HTTP request at it, and you've done a POST. End of story. POST is no more secure, no more "tricky" and no more magical than GET. It's just that any idiot can see the URL in their browser and figure out GET, and you have to actually read some documentation to figure out POST. But it really ain't any different when you start looking at it from the perspective of making the web-server turn over and do tricks. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php