Jump to content
  • Announcements

    • boen_robot

      Guidelines and Netiquette   03/28/2017

      Posting Problems:   Having problems posting your topic? Read through this: To join, you agree to our terms and conditions and fill out and submit a registration form. An activation email will be sent to your email adress, so you'll need to verify your account. After that the account has to be validated by one of the moderators. This will mean that it can take up to a day to be activated. A couple of things to remember to ensure approval: Don't use an email address in one of those $2 four character .com domains eg. xyds.com. These will be deleted and the domain added to the banned list. Don't use an email address that is within a domain with a bad reputation for spam. A Google search is run on every email address and email domain. Don't sign up with an email address that doesn't exist, doesn't work or requires the sender to answer a quiz before their email can get to you. Put your country and or state and city in the signup form. Blank forms will go to the botton of the "to do" list. And make sure that your email address and your country match, saying you're from Alabama and using a .ru email address is not going to get you activated. After a membership is activated the first few posts will be monitored. Posting spam or unapproved topics described in the agreement results in an immediate ban. The email provider and the IP addresses associated with the account will be banned and all posts will be deleted. These strict measures have been deemed necessary to hinder spam. Sorry for any inconvenience this causes, but it's not liable to change. If, after reading this, you still can't post and don't understand why, contact one of the Moderators listed here.   Topic Guidelines   Including the following information can expedite an accurate response from board members: Must be a Specific Problem or Question related to web design and development Include Code in Question (wrap with   for small blocks of code and for longer blocks   ) Include Code Author Include Extra Notes/Modifications/Attempts Include web link to page/file when possible Content Guidelines   You may not post, upload, link to, or email any Content that contains, promotes, gives instruction about, or provides prohibited Content. Prohibited Content includes any Content that breaks any local, state, county, national or international law. Prohibited Content also includes: No direct or indirect advertising or websites, forums, products, services No hijacking of posts (do not post your question in someone elses) Content that infringes upon any rights [ex. MP3s and ROMs] (including, but not limited to, copyrights and trademarks) Abusive, threatening, defamatory, racist, or obscene Viruses or any other harmful computer software False Information or libel Spam, chain letters, or Pyramid schemes Gambling or Illicit drugs Terrorism Hacking or cheating for internet/online games Warez, Roms, CD-Keys, Cracks, Passwords, or Serial Numbers Pornography, nudity, or sexual material of any kind Excessive profanity Invasive of privacy or impersonation of any person/entity Hacking materials or information Posting Tips   There are more BBcodes than there are buttons for on the reply menu. To get the full list, click "BB Code Help" underneath the clickable smilie face menu. Use   for small snippets of code Use   for lengthy snippets of code Use   if your snippet is HTML (optional) Use   if your snippet is SQL (optional) Rules of Conduct   Be nice. There's no need for calling someone stupid if they ask an 'easy' question. Keep your avatars and signatures absolutely child friendly. We have a younger audience on this forum. Keep your language appropriate for the same reason above. Do not PM moderators for help on the forum. Post on the topic, or create a new one.   Spam:   Recently, as you have all without doubt noticed, we have had lots of spam and advertisement on the forum. Therefore, we'd like to alert you as to what to do when you have found any of the aforementioned annoying messages: it. Immediately. Give a clear reason, please, if the advertising is not evident. DO NOT POST! Report, let the post stay as is, and we will get to it, meanwhile if you continue to post as normal in the other threads, it won't be on the top so long. Refrain from PMing the member. This won't help at all, as they are most likely spambots anyway. Thank you.       Images in signatures:   After thinking of users on dial-up, we have decided to enforce the following rules regarding signatures. Please pay heed to them. Respecting these rules is respecting the members on this forum with dial-up. Signature rules: No animated images AT ALL. No matter the amount of animation. Maximum image widthxheight: 300x150 Maximum image (file) size: 15kb Use calm colors. Do not use highly contrasting images in your signature, as this can get really annoying when seeing several posts from one member in the same thread. The same prohibited content goes for images as for posts. Lastly, use common sense. No lengthy signatures please. Save us some scrolling. Thank you.       Links in signatures:   Please understand that w3schools.com only exists because of voluntary work and is barely supported by the advertising littered throughout the tutorials and the forum. So, please, stop advertising other sites. DO not post links that drive traffic away from the w3schools domain - especially to a site that offers similar if not identical information. Please help support the site by keeping individuals on it. Thank you. Here are some guidelines as to what you can put in your signature: w3schools links --> allowed w3.org links --> allowed browser links --> allowed html editor links --> allowed personal sites --> allowed tutorial sites competing with w3schools --> NOT allowed sites completely irrelevant to webprogramming and this forum --> NOT allowed   Thanks for understanding, and for taking the time to read this. ~W3Schools Modstaff~
iwato

href="?value = ..."

Recommended Posts

iwato    6

I recently stumbled on still another piece of code to which I am not accustomed 

<a href="?edit=<?php echo $row['obs']; ?>" onclick="return confirm('sure to edit !'); " >edit</a>

How does one read the phrase ?edit= in plain English?

Roddy

Share this post


Link to post
Share on other sites
Gabrielphp    9

It doesn't have a plain reading. You use that question mark because it is a query string.

 

From https://www.freeformatter.com/url-parser-query-string-splitter.html

What's the 'query string' in a URL?

The query contains extra information that is usually in the key-pair format. Each pair is usually separated by an ampersand & character. It follows the ? character.

  • Like 1

Share this post


Link to post
Share on other sites
justsomeguy    954

Just to clarify, if the link is a query string only and does not contain the rest of the URL, it uses the current URL of the page with the new query string.

  • Like 1

Share this post


Link to post
Share on other sites
iwato    6

Based on the aforesaid, it appears appears to be a dangerous short-cut.  Would it be better to write the query, say with a PHP magical constant?

 

Edited by iwato

Share this post


Link to post
Share on other sites
justsomeguy    954

It's fine to use that style to refer to the current page.  PHP's magic constants wouldn't help though, there's not one that refers to the current URL.  You can build the URL from the $_SERVER array, but it's not necessary if you're just linking to the current page.

  • Thanks 1

Share this post


Link to post
Share on other sites
iwato    6

JSG:  What do you think was meant by the words, 

Quote

the chances of it plucking any url or actually landing on a page called ?edit=whatever is pretty substantial

There appears to be a degree of uncertainty in this method.  How do you respond to Dsonesuk on this matter?

Share this post


Link to post
Share on other sites
dsonesuk    712

There is only one URL it could use, the current pages. So the querystring can only be added to the end of THAT url when the page reload after clicking the link, it didn't need clarifying.

Share this post


Link to post
Share on other sites
justsomeguy    954

There's no uncertainty.  When you click on a link like that and the browser is building the URL to request, if the link only contains a querystring then the browser will use the current page, add the querystring to it (or replace an existing one), and use that as the URL for the request.  There's honestly not a lot to say on this topic, it's pretty basic.  It's just a link to the current page with a new querystring.  It wouldn't matter whether or not someone managed to actually create a file with that name on the server because the browser wouldn't request that file anyway, it's going to request the current page again.

  • Like 1

Share this post


Link to post
Share on other sites
iwato    6

Dsonesuk and JSG:

QUESTION ONE:  The first time that the page is requested there is no HTTP Request.  If I have understood correctly, when the link in question is clicked, the page is reloaded and a $_GET variable is generated.  Because the page opens to itself is there a need for sanitization?

QUESTION TWO: Is it necessary to reload the page in order to generate an HTTP request.  Or, is it enough that the statement that receives the request be included from another file?

Roddy 

Edited by iwato

Share this post


Link to post
Share on other sites
dsonesuk    712

The page is reloaded because you are clicking a link which will call itself because no other url is requested, but! the current page url will have the querystring attached to it as well. When the page reloads if this page has php code that will check and read the name and value transferred with the querystring using $_GET[], this value can be passed onto a php variable.

Yes! you should sanitize, as it is a querystring viewable and editable from address bar.

You could prevent page reloading by using JavaScript, then by using AJAX, process the data from external php page and return result.

  • Thanks 1

Share this post


Link to post
Share on other sites
justsomeguy    954

The first time that the page is requested there is no HTTP Request.

What does that mean?  How are you opening it?  Are you just double-clicking on a file on your computer or something?  If so, the PHP code won't run at all.  Or, if it's actually on a web server, then there's always a request.  The server responds to requests, that's its job.

  • Like 1

Share this post


Link to post
Share on other sites
iwato    6

Donesuk:  So, if I have understood correctly, always sanitize when using $_GET requests.

JSG:  I get your point.  When I think of HTTP requests, I rarely think in terms of the $_SERVER variable, as the request and response are performed automatically and are rarely visible except for the realized webpage.  I should probably have written "The first time that the page is requested there is no QUERY_STRING", for this would cover both $_GET and $_POST requests as was my original intention.

Roddy

Share this post


Link to post
Share on other sites
iwato    6

In this same context.

BACKGROUND:  I have two pages: one called index.php and another called crud.php. The latter page is included into the index.php page when the index.php is requested.  

Inside the index.php file is a form that produces several post variables that are transferred via a $_POST superglobal when the form data is submitted. The resulting $_POST superglobal is examined for content via an isset( ) functions that is part of the condition of an if-statement found in crud.php.  The data contained in the $_POST is then processed and sent to a MySQL database within the body of the if-statement.

At no point in this procedure is the $_SERVER superglobal invoked.  The form element's method attribute is simply set to post.  The action attribute is omitted.

QUESTION:  From the point of view of the browser is the transfer of data from the form to the if-statement and eventually to the database all conducted on the same page?

 

Edited by iwato

Share this post


Link to post
Share on other sites
dsonesuk    712

No 'action' attribute means it will default to action="", which means it will submit to itself.

As the page is loaded, it is read from top to bottom and any include are read top to bottom, at the end of include it will continue reading through the main page again.

While going through crud.php include, it will process any specific $_POST request targeted that is present at that time, if none exist, it will proceed with else condition or move on to rest of main page.

Share this post


Link to post
Share on other sites
iwato    6

In short, there is no page reload.  Is this correct?

Share this post


Link to post
Share on other sites
justsomeguy    954

Only 'get' request uses querystring, the passing of 'post' data is hidden and not shown in the address bar.

That's not technically true, it's fine to do this:

<form method="post" action="process.php?submit=true">

In short, there is no page reload.  Is this correct?

If you're submitting the form then the page is reloading.  Maybe not technically a reload, but the browser is sending a new request to the server.  You can open your browser's developer tools and go to the Network tab to see the requests and responses.

Share this post


Link to post
Share on other sites
iwato    6
Quote

You can open your browser's developer tools and go to the Network tab to see the requests and responses.

So, if upon clicking on the submit button with the console turned on, the same page appears under Network, then the page has reloaded.  Is this correct?

 

Share this post


Link to post
Share on other sites
justsomeguy    954

When I use the term "reload" or "refresh" I usually refer to the actual refresh button, and in that sense no, it doesn't reload.  It sends a new request, not the same one as before.  Not all requests result in the entire page being redrawn though, you can use ajax to send requests and then only change part of the page.  If you're not using ajax and you submit a form, then yes the browser will send a request and redraw the entire page.

Share this post


Link to post
Share on other sites
iwato    6

Yes,  I am preparing AJAX now.  First, I had to discover a good CRUD model.  There are several on the net, and always they are filled with new code that takes a while to wade through.  The discovery is interesting and has nearly always proven beneficial, but the process is long and arduous.

Back to my question:  I assume that most browser network consoles operate similarly.  If the page appears in the console as previously described what is being evidence -- any and all HTTP requests?

Quote

 

 

Share this post


Link to post
Share on other sites
justsomeguy    954

The network tab shows all requests sent by the browser.  For images, CSS files, Javascript files, whatever, every request.  If you click on the request you can also see the request and response headers, and the response from the server.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×