Re: [PHP] Passing vars w/refresh w/register globals off?
Well first off all it is possible to post and get at the same time. Dont know why you want to, but its kinda easy really : Example : form name=myform action=myscript.php?get1=aget2=b method=post input type=hidden name=jalla value=balla /form You can submit this form several ways, with ordinary submit button, or with javascrip submit. If you really want to keep serving variables that shouldnt be visble in the browser or in the html kode I guess the only way would be using cookies. But if the variables are defined by the users input / behavior there is surely the need of showing the variables one place or another. You mentioned that there were up to a 100 variables to be passed here. Was that pr user or in total? Sending like a 100 variables with GET would be a bad idea all together, since there are limits on how many caracters the URL can hold. Some years ago alot of browsers had a limit on 128 characters, this is imporved by the years but still the only way to feed long sets of data is through post. If all your variables can be stored on the server, assigning a unique ID to the session would make you able to store everything in the database as someone mentioned earlier. This wasy all you need is pass the ID within the browser. By checking the ID against the unique session on the server you will also eliminate tampering with the data. Webpages that has like a 100 hidden fields doesnt look very professional, but hey - it works. The other thing is that forms can also talk with eachother nicely, what I mean is that you can share the informastion with the help of javascript. Storing all the information you need for later in a form somewhere in the html page, then when you build the refresh url you just pick out the data you want to use from the different form elements (document.form.variable.value). I still havnt quite understood what you are accually asking for here, but hey, it seems like you dont know yourself, hehe -- Kim Steinhaug --- There are 10 types of people when it comes to binary numbers: those who understand them, and those who don't. --- Floyd Baker [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 18 Jan 2002 18:13:50 +0800, you wrote: On Friday 18 January 2002 04:11, Floyd Baker wrote: Yes. I was using the url to pass variables without a form. It looks like the javascript idea would cover that now that you remind me. I've used it before to refresh two frames at once. But even so I'd rather not go that way if at all possible. I'd like to stay within php's ability. Not being able to POST and GET is a 'limitation' of HTTP not PHP. Not knowing what I'm talking about for sure but is there no way of putting a variable into the 'post' status or condition, prior to being redirected, without actually using a form? Only be using a form will you be able to POST. Thanks for the idea though. It'll work if nothing else. :-) Up to now we (I?) still don't know exactly what you're trying to do. Maybe if you could tell us what you're doing and if appropriate post some code, then we could see if there is another solution to your problem. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk /* I am just a nice, clean-cut Mongolian boy. -- Yul Brynner, 1956 */ This should be fairly standard. Filling out a form and using a recursive call and if/then, to bring the variables around to a case switch for routing to desired pages according to form input data. if 'completed = y ( switch case get to go here case get go there ) else ( post to /this page form submit ) This draft does work but I don't like the visible url variables. Of course in addition we have all the fields passed by the form post that were used as required on switch case and receiving pages... Now we need to REQUEST every one. That's fine for the sake of the security but now it's beneficial to get into arrays, etc. to keep script shorter and easier to maintain. More learning. Always good. 4.1 is pushing me. :-) The solutions look more involved than my poor coding has been til now. We need to put more things into function form maybe, instead of passing between separate pages. I'm probably still out in left field with a lot of this *visualizing* but it's coming. And always good to talk it out. Can you tell me if it's possible to run 4.03 and 4.1 *both* on the same machine? I'm thinking the old script would be php3 and the new stuff php4. Is that something that could be done until the old scripts are upgraded? Floyd -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Passing vars w/refresh w/register globals off?
On Friday 18 January 2002 04:11, Floyd Baker wrote: Yes. I was using the url to pass variables without a form. It looks like the javascript idea would cover that now that you remind me. I've used it before to refresh two frames at once. But even so I'd rather not go that way if at all possible. I'd like to stay within php's ability. Not being able to POST and GET is a 'limitation' of HTTP not PHP. Not knowing what I'm talking about for sure but is there no way of putting a variable into the 'post' status or condition, prior to being redirected, without actually using a form? Only be using a form will you be able to POST. Thanks for the idea though. It'll work if nothing else. :-) Up to now we (I?) still don't know exactly what you're trying to do. Maybe if you could tell us what you're doing and if appropriate post some code, then we could see if there is another solution to your problem. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk /* I am just a nice, clean-cut Mongolian boy. -- Yul Brynner, 1956 */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Passing vars w/refresh w/register globals off?
On Fri, 18 Jan 2002 18:13:50 +0800, you wrote: On Friday 18 January 2002 04:11, Floyd Baker wrote: Yes. I was using the url to pass variables without a form. It looks like the javascript idea would cover that now that you remind me. I've used it before to refresh two frames at once. But even so I'd rather not go that way if at all possible. I'd like to stay within php's ability. Not being able to POST and GET is a 'limitation' of HTTP not PHP. Not knowing what I'm talking about for sure but is there no way of putting a variable into the 'post' status or condition, prior to being redirected, without actually using a form? Only be using a form will you be able to POST. Thanks for the idea though. It'll work if nothing else. :-) Up to now we (I?) still don't know exactly what you're trying to do. Maybe if you could tell us what you're doing and if appropriate post some code, then we could see if there is another solution to your problem. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk /* I am just a nice, clean-cut Mongolian boy. -- Yul Brynner, 1956 */ This should be fairly standard. Filling out a form and using a recursive call and if/then, to bring the variables around to a case switch for routing to desired pages according to form input data. if 'completed = y ( switch case get to go here case get go there ) else ( post to /this page form submit ) This draft does work but I don't like the visible url variables. Of course in addition we have all the fields passed by the form post that were used as required on switch case and receiving pages... Now we need to REQUEST every one. That's fine for the sake of the security but now it's beneficial to get into arrays, etc. to keep script shorter and easier to maintain. More learning. Always good. 4.1 is pushing me. :-) The solutions look more involved than my poor coding has been til now. We need to put more things into function form maybe, instead of passing between separate pages. I'm probably still out in left field with a lot of this *visualizing* but it's coming. And always good to talk it out. Can you tell me if it's possible to run 4.03 and 4.1 *both* on the same machine? I'm thinking the old script would be php3 and the new stuff php4. Is that something that could be done until the old scripts are upgraded? Floyd -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Passing vars w/refresh w/register globals off?
On Thu, 17 Jan 2002 07:06:50 +0200, you wrote: What do you mean by 'hidden'? If you're talking about a hidden form input, how can it not be post? Bogdan Just saying I've tried it. Figured it wouldn't work but wasn't sure how 'refresh' might relate to 'post'. Post passing works fine with $_request on the other end but I've got a lot of this refresh kind of passing that doesn't work, and not sure how best to fix it. I don't want to rewrite the entire method to not include refresh. :- Floyd Floyd Baker wrote: Hi.. Got 4.1.1 going and think it's going to work fine. Except for this. A form calls itself and then uses the menu selection to route through a switch to various refresh redirects... 'Hidden' isn't working and it's not post, get, cookie, etc. Can it be done? TIA Floyd -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Passing vars w/refresh w/register globals off?
On Friday 18 January 2002 00:41, Floyd Baker wrote: On Thu, 17 Jan 2002 07:06:50 +0200, you wrote: What do you mean by 'hidden'? If you're talking about a hidden form input, how can it not be post? Bogdan Just saying I've tried it. Figured it wouldn't work but wasn't sure how 'refresh' might relate to 'post'. Post passing works fine with $_request on the other end but I've got a lot of this refresh kind of passing that doesn't work, and not sure how best to fix it. I don't want to rewrite the entire method to not include refresh. :- If they are refresh redirects as in using the META tags then you're not going to get any form (POST) data. Perhaps you can elaborate on what you're trying to do. And if appropriate, post some code. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk /* Sorry, no fortune this time. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Passing vars w/refresh w/register globals off?
On Fri, 18 Jan 2002 01:03:19 +0800, you wrote: On Friday 18 January 2002 00:41, Floyd Baker wrote: On Thu, 17 Jan 2002 07:06:50 +0200, you wrote: What do you mean by 'hidden'? If you're talking about a hidden form input, how can it not be post? Bogdan Just saying I've tried it. Figured it wouldn't work but wasn't sure how 'refresh' might relate to 'post'. Post passing works fine with $_request on the other end but I've got a lot of this refresh kind of passing that doesn't work, and not sure how best to fix it. I don't want to rewrite the entire method to not include refresh. :- If they are refresh redirects as in using the META tags then you're not going to get any form (POST) data. Perhaps you can elaborate on what you're trying to do. And if appropriate, post some code. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk /* Sorry, no fortune this time. */ Jason. The thing is, I *was* using GET in the refresh line and I guess I wasn't saying that. Moreover I want to pass passwords in the same transfer but obviously letting them show up in the url is not cool... My question should be more like, how can one pass variables in a way that doesn't use a form but is still secure? And thanks too for asking. I hope everyone understands that even questions make it easier for a person to focus their thoughts. I hate to ask dumb questions, or put things the wrong way, but the problem is I don't know they're dumb at first. One little question I didn't think to ask myself can make it all come clear. Floyd -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Passing vars w/refresh w/register globals off?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 you could save the password to a database, associated with an ID number, then pass the ID number. DATABASE: - id| password 12345 | blah$$ URL: form.php?id=12345 - Scott Hurring - Internet Programmer GraphicType Services tel: 973.667.9486 web: http://www.graphictype.com/ pgp: http://graphictype.com/scott/pgp.txt - -Original Message- From: Floyd Baker [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 17, 2002 1:36 PM To: Jason Wong Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [PHP] Passing vars w/refresh w/register globals off? On Fri, 18 Jan 2002 01:03:19 +0800, you wrote: On Friday 18 January 2002 00:41, Floyd Baker wrote: On Thu, 17 Jan 2002 07:06:50 +0200, you wrote: What do you mean by 'hidden'? If you're talking about a hidden form input, how can it not be post? Bogdan Just saying I've tried it. Figured it wouldn't work but wasn't sure how 'refresh' might relate to 'post'. Post passing works fine with $_request on the other end but I've got a lot of this refresh kind of passing that doesn't work, and not sure how best to fix it. I don't want to rewrite the entire method to not include refresh. :- If they are refresh redirects as in using the META tags then you're not going to get any form (POST) data. Perhaps you can elaborate on what you're trying to do. And if appropriate, post some code. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk /* Sorry, no fortune this time. */ Jason. The thing is, I *was* using GET in the refresh line and I guess I wasn't saying that. Moreover I want to pass passwords in the same transfer but obviously letting them show up in the url is not cool... My question should be more like, how can one pass variables in a way that doesn't use a form but is still secure? And thanks too for asking. I hope everyone understands that even questions make it easier for a person to focus their thoughts. I hate to ask dumb questions, or put things the wrong way, but the problem is I don't know they're dumb at first. One little question I didn't think to ask myself can make it all come clear. Floyd -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com iQA/AwUBPEccKsaXTGgZdrSUEQIFuwCfZOI5Ct1iozF86nS3/MziIRo6UlMAoIUb qZV9tkmSWBOXkiqBkE5TwfFe =qb1c -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Passing vars w/refresh w/register globals off?
On Friday 18 January 2002 02:36, Floyd Baker wrote: The thing is, I *was* using GET in the refresh line and I guess I wasn't saying that. Moreover I want to pass passwords in the same transfer but obviously letting them show up in the url is not cool... If I understand you correctly you're trying to pass variables via the url (GET), and at the same via a form (POST)? If so, then I'm afraid that's impossible. My question should be more like, how can one pass variables in a way that doesn't use a form but is still secure? I'm presuming that you don't want to use a form because you need the META tag refresh thing. If by 'secure' you mean that it's not visible on the url then you *could* use a form. Just use a bit of Javascript to automatically submit the form. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk /* The clothes have no emperor. -- C.A.R. Hoare, commenting on ADA. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Passing vars w/refresh w/register globals off?
On Fri, 18 Jan 2002 03:39:21 +0800, you wrote: On Friday 18 January 2002 02:36, Floyd Baker wrote: The thing is, I *was* using GET in the refresh line and I guess I wasn't saying that. Moreover I want to pass passwords in the same transfer but obviously letting them show up in the url is not cool... If I understand you correctly you're trying to pass variables via the url (GET), and at the same via a form (POST)? If so, then I'm afraid that's impossible. My question should be more like, how can one pass variables in a way that doesn't use a form but is still secure? I'm presuming that you don't want to use a form because you need the META tag refresh thing. If by 'secure' you mean that it's not visible on the url then you *could* use a form. Just use a bit of Javascript to automatically submit the form. Yes. I was using the url to pass variables without a form. It looks like the javascript idea would cover that now that you remind me. I've used it before to refresh two frames at once. But even so I'd rather not go that way if at all possible. I'd like to stay within php's ability. Not knowing what I'm talking about for sure but is there no way of putting a variable into the 'post' status or condition, prior to being redirected, without actually using a form? Thanks for the idea though. It'll work if nothing else. :-) Floyd -- Jason Wong - Gremlins Associates - www.gremlins.com.hk /* The clothes have no emperor. -- C.A.R. Hoare, commenting on ADA. */ -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Passing vars w/refresh w/register globals off?
On Thu, 17 Jan 2002 13:47:06 -0500, you wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 you could save the password to a database, associated with an ID number, then pass the ID number. DATABASE: - id| password 12345 | blah$$ URL: form.php?id=12345 I've done something like that in another situation. Wrote to a flat file and then read from it in the action page. If it was just a few variables maybe, but I have cases where 100 need to be passed. It looks like a lot of rewriting is coming... Even with post passing, they all have to be collected them at the other end in some minimal script manner. Am I right in thinking arrays in this case? Thanks. Floyd -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Passing vars w/refresh w/register globals off?
Hi.. Got 4.1.1 going and think it's going to work fine. Except for this. A form calls itself and then uses the menu selection to route through a switch to various refresh redirects... 'Hidden' isn't working and it's not post, get, cookie, etc. Can it be done? TIA Floyd -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Passing vars w/refresh w/register globals off?
What do you mean by 'hidden'? If you're talking about a hidden form input, how can it not be post? Bogdan Floyd Baker wrote: Hi.. Got 4.1.1 going and think it's going to work fine. Except for this. A form calls itself and then uses the menu selection to route through a switch to various refresh redirects... 'Hidden' isn't working and it's not post, get, cookie, etc. Can it be done? TIA Floyd -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]