Hiding variables passed via URL

**Olaf Schinkel** · Jul 12 '08, 05:15 PM

Re: Hiding variables passed via URL

chochote@gmail. com schrieb:

Hi,
>
I have a PHP script that does some processing, and stores an error
message as a variable. The script then redirects to another script
with the error string in the URL, with the second script displaying
the message and continues with the rest of the logic.
>
Now I want to hide the error message from the URL, but the second
script needs to continue working as is. How can I do this? I have
thought about md5'ing the message but the URLs still look messy. Any
other alternatives?
>
The script works like this;
$err = "";
$res = process();
if ($res == 0)
{
$err = "An error message";
}
header("Locatio n: script2.php?err =".urlencode($e rr));
>
Script2.php would display this message and continue with the rest of
the logic. Now I want to hide the Error message $err from the URL
after a redirect. How do I do this?
>
Thanks in advance.

SESSION varaibles exist.

**The Natural Philosopher** · Jul 12 '08, 05:45 PM

Re: Hiding variables passed via URL

chochote@gmail. com wrote:

Hi,
>
I have a PHP script that does some processing, and stores an error
message as a variable. The script then redirects to another script
with the error string in the URL, with the second script displaying
the message and continues with the rest of the logic.
>
Now I want to hide the error message from the URL, but the second
script needs to continue working as is. How can I do this? I have
thought about md5'ing the message but the URLs still look messy. Any
other alternatives?
>
The script works like this;
$err = "";
$res = process();
if ($res == 0)
{
$err = "An error message";
}
header("Locatio n: script2.php?err =".urlencode($e rr));
>
Script2.php would display this message and continue with the rest of
the logic. Now I want to hide the Error message $err from the URL
after a redirect. How do I do this?
>
Thanks in advance.

Use POST method.

Declare a form, and set a hidden variable err

**Michael Fesser** · Jul 12 '08, 07:15 PM

Re: Hiding variables passed via URL

..oO(The Natural Philosopher)

>chochote@gmail .com wrote:

>Hi,
>>
>I have a PHP script that does some processing, and stores an error
>message as a variable. The script then redirects to another script
>with the error string in the URL, with the second script displaying
>the message and continues with the rest of the logic.
>>
>Now I want to hide the error message from the URL, but the second
>script needs to continue working as is. How can I do this? I have
>thought about md5'ing the message but the URLs still look messy. Any
>other alternatives?
>>
>The script works like this;
>$err = "";
>$res = process();
>if ($res == 0)
>{
> $err = "An error message";
>}
>header("Locati on: script2.php?err =".urlencode($e rr));
>>
>Script2.php would display this message and continue with the rest of
>the logic. Now I want to hide the Error message $err from the URL
>after a redirect. How do I do this?
>>
>Thanks in advance.

>
>Use POST method.
>
>Declare a form, and set a hidden variable err

You can't redirect a POST request. Sessions are the way to go here if
the error code shouldn't appear in the URL.

Micha

**The Natural Philosopher** · Jul 12 '08, 09:05 PM

Re: Hiding variables passed via URL

Michael Fesser wrote:

.oO(The Natural Philosopher)
>

>chochote@gmail. com wrote:

>>Hi,
>>>
>>I have a PHP script that does some processing, and stores an error
>>message as a variable. The script then redirects to another script
>>with the error string in the URL, with the second script displaying
>>the message and continues with the rest of the logic.
>>>
>>Now I want to hide the error message from the URL, but the second
>>script needs to continue working as is. How can I do this? I have
>>thought about md5'ing the message but the URLs still look messy. Any
>>other alternatives?
>>>
>>The script works like this;
>>$err = "";
>>$res = process();
>>if ($res == 0)
>>{
>> $err = "An error message";
>>}
>>header("Locat ion: script2.php?err =".urlencode($e rr));
>>>
>>Script2.php would display this message and continue with the rest of
>>the logic. Now I want to hide the Error message $err from the URL
>>after a redirect. How do I do this?
>>>
>>Thanks in advance.

>Use POST method.
>>
>Declare a form, and set a hidden variable err

>
You can't redirect a POST request.

Are you sure?

>Sessions are the way to go here if
the error code shouldn't appear in the URL.
>
Micha

**Michael Fesser** · Jul 12 '08, 09:35 PM

Re: Hiding variables passed via URL

..oO(The Natural Philosopher)

>Michael Fesser wrote:

>>
>You can't redirect a POST request.

>
>Are you sure?

Sending POST data to another location must be triggered or at least
confirmed by the user. Automatically redirecting anything other than
GET or HEAD is explicitly forbidden by the HTTP spec ("MUST NOT").

Micha

**The Natural Philosopher** · Jul 13 '08, 06:15 AM

Re: Hiding variables passed via URL

Michael Fesser wrote:

.oO(The Natural Philosopher)
>

>Michael Fesser wrote:

>>You can't redirect a POST request.

>Are you sure?

>
Sending POST data to another location must be triggered or at least
confirmed by the user. Automatically redirecting anything other than
GET or HEAD is explicitly forbidden by the HTTP spec ("MUST NOT").
>

Ah, it may be forbidden, but does it work? ;-)

Micha

**C. (http://symcbean.blogspot.com/)** · Jul 13 '08, 11:35 AM

Re: Hiding variables passed via URL

On Jul 13, 7:13 am, The Natural Philosopher <a...@b.cwrot e:

Michael Fesser wrote:

.oO(The Natural Philosopher)

>

Michael Fesser wrote:
>You can't redirect a POST request.
Are you sure?

>

Sending POST data to another location must be triggered or at least
confirmed by the user. Automatically redirecting anything other than
GET or HEAD is explicitly forbidden by the HTTP spec ("MUST NOT").

>
Ah, it may be forbidden, but does it work? ;-)
>

Micha

NO

**sheldonlg** · Jul 13 '08, 12:25 PM

Re: Hiding variables passed via URL

C. (http://symcbean.blogspot.com/) wrote:

On Jul 13, 7:13 am, The Natural Philosopher <a...@b.cwrot e:

>Michael Fesser wrote:

>>.oO(The Natural Philosopher)
>>>Michael Fesser wrote:
>>>>You can't redirect a POST request.
>>>Are you sure?
>>Sending POST data to another location must be triggered or at least
>>confirmed by the user. Automatically redirecting anything other than
>>GET or HEAD is explicitly forbidden by the HTTP spec ("MUST NOT").

>Ah, it may be forbidden, but does it work? ;-)
>>

>>Micha

>
NO

Besides all that, a "hidden" variable is not really "hidden". A "view
source" will expose that variable. Session variables are, indeed, the
way to go.

Frankly, though, I don't see the big problem. Since the OP is passing
in the error message, it is obviously to display it to the user.
Otherwise, why do it? If it is also in the URL, so what?

**Jeff** · Jul 13 '08, 12:35 PM

Re: Hiding variables passed via URL

C. (http://symcbean.blogspot.com/) wrote:

On Jul 13, 7:13 am, The Natural Philosopher <a...@b.cwrot e:

>Michael Fesser wrote:

>>.oO(The Natural Philosopher)
>>>Michael Fesser wrote:
>>>>You can't redirect a POST request.
>>>Are you sure?
>>Sending POST data to another location must be triggered or at least
>>confirmed by the user. Automatically redirecting anything other than
>>GET or HEAD is explicitly forbidden by the HTTP spec ("MUST NOT").

>Ah, it may be forbidden, but does it work? ;-)
>>

>>Micha

>
NO

Lets say we wanted to post something in the background (ie, not
redirect the browser). How do you do that in PHP? In perl, I'd use the
LWP library.

I'm not sure what I'd be looking for, but I don't seem to find it here:

PHP: Function Reference - Manual

http://www.php.net/manual/en/funcref.php

Function Reference

Jeff

**Jerry Stuckle** · Jul 13 '08, 02:05 PM

Re: Hiding variables passed via URL

Jeff wrote:

C. (http://symcbean.blogspot.com/) wrote:

>On Jul 13, 7:13 am, The Natural Philosopher <a...@b.cwrot e:

>>Michael Fesser wrote:
>>>.oO(The Natural Philosopher)
>>>>Michael Fesser wrote:
>>>>>You can't redirect a POST request.
>>>>Are you sure?
>>>Sending POST data to another location must be triggered or at least
>>>confirmed by the user. Automatically redirecting anything other than
>>>GET or HEAD is explicitly forbidden by the HTTP spec ("MUST NOT").
>>Ah, it may be forbidden, but does it work? ;-)
>>>
>>>Micha

>>
>NO

>
>
Lets say we wanted to post something in the background (ie, not
redirect the browser). How do you do that in PHP? In perl, I'd use the
LWP library.
>
I'm not sure what I'd be looking for, but I don't seem to find it here:
>

PHP: Function Reference - Manual

http://www.php.net/manual/en/funcref.php

Function Reference

>
Jeff
>

What do you mean by "post something in the background"? You either post
or you don't post. There is no foreground or background on the web.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Jeff** · Jul 13 '08, 06:45 PM

Re: Hiding variables passed via URL

Jerry Stuckle wrote:

Jeff wrote:

>C. (http://symcbean.blogspot.com/) wrote:

>>On Jul 13, 7:13 am, The Natural Philosopher <a...@b.cwrot e:
>>>Michael Fesser wrote:
>>>>.oO(The Natural Philosopher)
>>>>>Michael Fesser wrote:
>>>>>>You can't redirect a POST request.
>>>>>Are you sure?
>>>>Sending POST data to another location must be triggered or at least
>>>>confirmed by the user. Automatically redirecting anything other than
>>>>GET or HEAD is explicitly forbidden by the HTTP spec ("MUST NOT").
>>>Ah, it may be forbidden, but does it work? ;-)
>>>>
>>>>Micha
>>>
>>NO

>>
>>
> Lets say we wanted to post something in the background (ie, not
>redirect the browser). How do you do that in PHP? In perl, I'd use the
>LWP library.
>>
> I'm not sure what I'd be looking for, but I don't seem to find it here:
>>
>http://www.php.net/manual/en/funcref.php
>>
> Jeff
>>

>
What do you mean by "post something in the background"? You either post
or you don't post. There is no foreground or background on the web.

I found this just after I posted:

PHP: 404 Not Found

http://us.php.net/manual/en/book.http.php

PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world.

But I'm unsure how that works as it is missing the examples.

Having a server retrieve a page or post data is not an unusual thing
to do, You may refer to it differently and my choice of terms may be
bad. One use would be if you are transparently handling something like a
Credit Card transaction and you don't want to take the customer off the
site. Usually you'd want that done with SSL and not on the query string.

Jeff

>

**Jerry Stuckle** · Jul 13 '08, 07:25 PM

Re: Hiding variables passed via URL

Jeff wrote:

Jerry Stuckle wrote:

>Jeff wrote:

>>C. (http://symcbean.blogspot.com/) wrote:
>>>On Jul 13, 7:13 am, The Natural Philosopher <a...@b.cwrot e:
>>>>Michael Fesser wrote:
>>>>>.oO(The Natural Philosopher)
>>>>>>Michael Fesser wrote:
>>>>>>>You can't redirect a POST request.
>>>>>>Are you sure?
>>>>>Sending POST data to another location must be triggered or at least
>>>>>confirme d by the user. Automatically redirecting anything other than
>>>>>GET or HEAD is explicitly forbidden by the HTTP spec ("MUST NOT").
>>>>Ah, it may be forbidden, but does it work? ;-)
>>>>>
>>>>>Micha
>>>>
>>>NO
>>>
>>>
>> Lets say we wanted to post something in the background (ie, not
>>redirect the browser). How do you do that in PHP? In perl, I'd use
>>the LWP library.
>>>
>> I'm not sure what I'd be looking for, but I don't seem to find it here:
>>>
>>http://www.php.net/manual/en/funcref.php
>>>
>> Jeff
>>>

>>
>What do you mean by "post something in the background"? You either
>post or you don't post. There is no foreground or background on the web.

>
I found this just after I posted:
>

PHP: 404 Not Found

http://us.php.net/manual/en/book.http.php

PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world.

>
But I'm unsure how that works as it is missing the examples.
>
Having a server retrieve a page or post data is not an unusual thing
to do, You may refer to it differently and my choice of terms may be
bad. One use would be if you are transparently handling something like a
Credit Card transaction and you don't want to take the customer off the
site. Usually you'd want that done with SSL and not on the query string.
>
Jeff

>>

>

Ok, you're talking about using the cURL libraries - that's the easiest
way, although you could do it with sockets, also.

Additionally, whether you're using SSL or not is completely independent
of whether you're using a query string (GET method) or not. GET/POST is
a means of transferring data between applications. SSL runs at a lower
level to encrypt/decrypt data. There is no relationship between them.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**The Natural Philosopher** · Jul 14 '08, 12:25 AM

Re: Hiding variables passed via URL

sheldonlg wrote:

C. (http://symcbean.blogspot.com/) wrote:

>On Jul 13, 7:13 am, The Natural Philosopher <a...@b.cwrot e:

>>Michael Fesser wrote:
>>>.oO(The Natural Philosopher)
>>>>Michael Fesser wrote:
>>>>>You can't redirect a POST request.
>>>>Are you sure?
>>>Sending POST data to another location must be triggered or at least
>>>confirmed by the user. Automatically redirecting anything other than
>>>GET or HEAD is explicitly forbidden by the HTTP spec ("MUST NOT").
>>Ah, it may be forbidden, but does it work? ;-)
>>>
>>>Micha

>>
>NO

>
>
Besides all that, a "hidden" variable is not really "hidden". A "view
source" will expose that variable. Session variables are, indeed, the
way to go.
>

well you can view cookies as well.

Frankly, though, I don't see the big problem. Since the OP is passing
in the error message, it is obviously to display it to the user.
Otherwise, why do it? If it is also in the URL, so what?

**Jerry Stuckle** · Jul 14 '08, 12:25 AM

Re: Hiding variables passed via URL

The Natural Philosopher wrote:

sheldonlg wrote:

>C. (http://symcbean.blogspot.com/) wrote:

>>On Jul 13, 7:13 am, The Natural Philosopher <a...@b.cwrot e:
>>>Michael Fesser wrote:
>>>>.oO(The Natural Philosopher)
>>>>>Michael Fesser wrote:
>>>>>>You can't redirect a POST request.
>>>>>Are you sure?
>>>>Sending POST data to another location must be triggered or at least
>>>>confirmed by the user. Automatically redirecting anything other than
>>>>GET or HEAD is explicitly forbidden by the HTTP spec ("MUST NOT").
>>>Ah, it may be forbidden, but does it work? ;-)
>>>>
>>>>Micha
>>>
>>NO

>>
>>
>Besides all that, a "hidden" variable is not really "hidden". A "view
>source" will expose that variable. Session variables are, indeed, the
>way to go.
>>

>
well you can view cookies as well.
>

>Frankly, though, I don't see the big problem. Since the OP is passing
>in the error message, it is obviously to display it to the user.
>Otherwise, why do it? If it is also in the URL, so what?

>

What does that have to do with this conversation? No one has mentioned
cookies until you did.

Why do you keep bringing up unrelated topics?

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Hiding variables passed via URL

Hiding variables passed via URL

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment