clonetrooper9494 Posted December 12, 2007 Share Posted December 12, 2007 PHP/JavaScript question:Can you post form data and put in the URL?As in the post data would be there and the URL would be mydomain.com/index.html?form_data=this-is-a-test I know I could use $_request , but I want them to be compared... to stop people from trying to hack... so it appers that its using $_get , not $_post and $_get .I was thinking a JavaSrcipt to change where the form goes when they submit it to 'blah.com/jdskgh.html?info1=' + document.form1.info1.value + '&info2=' + document.form1.info2.valueand so on... but I am not sure how to do that...Have any sugestions? Link to comment Share on other sites More sharing options...
justsomeguy Posted December 12, 2007 Share Posted December 12, 2007 You could, but what's the point? If someone changes the values in the querystring and nothing different happens they will look at what gets submitted through post and change that, it's trivial enough for someone to change what goes through post. Link to comment Share on other sites More sharing options...
clonetrooper9494 Posted December 12, 2007 Author Share Posted December 12, 2007 Well, I also want to submit data that I don't want them to see... such as a certain code. not soley to trick them. Link to comment Share on other sites More sharing options...
Ingolme Posted December 12, 2007 Share Posted December 12, 2007 Then why not send the form data as post data?<form method="post"> Link to comment Share on other sites More sharing options...
justsomeguy Posted December 12, 2007 Share Posted December 12, 2007 Well, I also want to submit data that I don't want them to see... such as a certain code. not soley to trick them.In the end, you can't submit anything that the user doesn't see. The user is submitting the data, after all, not you or the server. It's easy to set up an application like a proxy server to run all your requests through and just look at what data is getting submitted. Link to comment Share on other sites More sharing options...
Synook Posted December 13, 2007 Share Posted December 13, 2007 Remember people can just look at the source code as well... it is easy also for a person to create a bogus form with whatever fields they want, and then just set <form action="pageonyourserver.php" ... > Link to comment Share on other sites More sharing options...
rnd me Posted December 13, 2007 Share Posted December 13, 2007 "I was thinking a JavaSrcipt to change where the form goes when they submit it to'blah.com/jdskgh.html?info1=' + document.form1.info1.value + '&info2=' + document.form1.info2.valueand so on... but I am not sure how to do that.. " var allFormsData=[];for (var z=0; z< document.forms.length; z++){var inputs = document.forms[z].elements;var mx= inputs.length;var qs=[];for(var i=0; i<mx; i++){if(inputs[i].name && inputs[i].value || inputs[i].checked )qs[qs.length]="&"+escape(inputs[i].name)+"="+ escape(inputs[i].checked || inputs[i].value);var out=qs.join("").substr(1)}allFormsData[z]= out}//nextalert( allFormsData.join("\n")) Link to comment Share on other sites More sharing options...
clonetrooper9494 Posted December 14, 2007 Author Share Posted December 14, 2007 Thanks every one... I guess it was just one of those weird 'what if...'s I sometimes have ! I didn't think of it as pointoless, but it was 12:00 at night...I have to get back to wokring on my Xmas script... as I like to say, *Let's topic rot* Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.