Skip to main content

Posts

Showing posts with the label post

Prevent Back button from showing POST confirmation alert

I have an application that supplies long list of parameters to a web page, so I have to use POST instead of GET. The problem is that when page gets displayed and user clicks the Back button, Firefox shows up a warning: To display this page, Firefox must send information that will repeat any action (such as a search or order confirmation) that was performed earlier. Since application is built in such way that going Back is a quite common operation, this is really annoying to end users. Basically, I would like to do it the way this page does: http://www.pikanya.net/testcache/ Enter something, submit, and click Back button. No warning, it just goes back. Googling I found out that this might be a bug in Firefox 3, but I'd like to somehow get this behavior even after they "fix" it. I guess it could be doable with some HTTP headers, but which exactly? Source: Tips4all

POST a file string using cURL in PHP?

I was wondering if it is possible to post a file - along with other form data - when the file is just a string? I know that you can post a file that is already on the filesystem by prefixing the filepath with "@". However I'd like to bypass creating a temporary file and send just the file as a string, but I am unsure how to construct the request using cURL in PHP. Cheers $postFields = array( 'otherFields' => 'Yes' ,'filename' => 'my_file.csv' ,'data' => 'comma seperated content' ); $options = array( CURLOPT_RETURNTRANSFER => true ,CURLOPT_SSL_VERIFYPEER => false ,CURLOPT_SSL_VERIFYHOST => 1 ,CURLOPT_POSTFIELDS => $postFields ,CURLOPT_HTTPHEADER => array( 'Content-type: multipart/form-data' ) ); Source: Tips4all

Why strings in $_POST can not contain a dot ".”?

Basicaly the title say's it all. i had an hidden input on my page where i wanted to set the name to "some.major.uber.setting" for example: <input type="hidden" name="some.major.uber.setting" value="dummy value" /> and when i looked at the $_POST data it contained "some_major_uber_setting". Can anybody explain this behaviour Source: Tips4all

Is it preferred to assign POST variable to an actual variable?

I've just completed my registration form for my website and for the action page where all the SQL takes place I've just skipped assigning the POST variable to actual ones, like this... $username = $_POST['username']; Instead I've just been using the POST variables throughout the PHP page. Are there any risks or errors that can be met whilst practicing? Also, excuse me if I am using incorrect terminology...

PHP Securely transform $_GET / $_POST array

I was checking my script for vulnerabilities and was shocked the way i used to do in the past which is extremely insecure: foreach ($_GET as $key => $value){ $$key = $value; } or shorter extract( $_GET ); I altered with firebug some POST/GET variables to match a name i used in my script. they can be overwritten if the name would be guessed correctly. So i thought i had to do it individually naming like this: $allowed_vars = $allowed_vars = array("time","hotfile","netload","megaupload","user","pfda","xyz","sara","amount_needed"); foreach ($_GET as $key => $value) { if (in_array($key,$allowed_vars)) { $$key = $value; } } This way saves some time than naming them individually. What kind of automation have to be used for this?