Jump to content

href="?value = ..."


iwato

Recommended Posts

I recently stumbled on still another piece of code to which I am not accustomed 

<a href="?edit=<?php echo $row['obs']; ?>" onclick="return confirm('sure to edit !'); " >edit</a>

How does one read the phrase ?edit= in plain English?

Roddy

Link to comment
Share on other sites

It doesn't have a plain reading. You use that question mark because it is a query string.

 

From https://www.freeformatter.com/url-parser-query-string-splitter.html

What's the 'query string' in a URL?

The query contains extra information that is usually in the key-pair format. Each pair is usually separated by an ampersand & character. It follows the ? character.

  • Like 1
Link to comment
Share on other sites

Based on the aforesaid, it appears appears to be a dangerous short-cut.  Would it be better to write the query, say with a PHP magical constant?

 

Edited by iwato
Link to comment
Share on other sites

It's fine to use that style to refer to the current page.  PHP's magic constants wouldn't help though, there's not one that refers to the current URL.  You can build the URL from the $_SERVER array, but it's not necessary if you're just linking to the current page.

  • Thanks 1
Link to comment
Share on other sites

JSG:  What do you think was meant by the words, 

Quote

the chances of it plucking any url or actually landing on a page called ?edit=whatever is pretty substantial

There appears to be a degree of uncertainty in this method.  How do you respond to Dsonesuk on this matter?

Link to comment
Share on other sites

There's no uncertainty.  When you click on a link like that and the browser is building the URL to request, if the link only contains a querystring then the browser will use the current page, add the querystring to it (or replace an existing one), and use that as the URL for the request.  There's honestly not a lot to say on this topic, it's pretty basic.  It's just a link to the current page with a new querystring.  It wouldn't matter whether or not someone managed to actually create a file with that name on the server because the browser wouldn't request that file anyway, it's going to request the current page again.

  • Like 1
Link to comment
Share on other sites

Dsonesuk and JSG:

QUESTION ONE:  The first time that the page is requested there is no HTTP Request.  If I have understood correctly, when the link in question is clicked, the page is reloaded and a $_GET variable is generated.  Because the page opens to itself is there a need for sanitization?

QUESTION TWO: Is it necessary to reload the page in order to generate an HTTP request.  Or, is it enough that the statement that receives the request be included from another file?

Roddy 

Edited by iwato
Link to comment
Share on other sites

The page is reloaded because you are clicking a link which will call itself because no other url is requested, but! the current page url will have the querystring attached to it as well. When the page reloads if this page has php code that will check and read the name and value transferred with the querystring using $_GET[], this value can be passed onto a php variable.

Yes! you should sanitize, as it is a querystring viewable and editable from address bar.

You could prevent page reloading by using JavaScript, then by using AJAX, process the data from external php page and return result.

  • Thanks 1
Link to comment
Share on other sites

The first time that the page is requested there is no HTTP Request.

What does that mean?  How are you opening it?  Are you just double-clicking on a file on your computer or something?  If so, the PHP code won't run at all.  Or, if it's actually on a web server, then there's always a request.  The server responds to requests, that's its job.

  • Like 1
Link to comment
Share on other sites

Donesuk:  So, if I have understood correctly, always sanitize when using $_GET requests.

JSG:  I get your point.  When I think of HTTP requests, I rarely think in terms of the $_SERVER variable, as the request and response are performed automatically and are rarely visible except for the realized webpage.  I should probably have written "The first time that the page is requested there is no QUERY_STRING", for this would cover both $_GET and $_POST requests as was my original intention.

Roddy

Link to comment
Share on other sites

In this same context.

BACKGROUND:  I have two pages: one called index.php and another called crud.php. The latter page is included into the index.php page when the index.php is requested.  

Inside the index.php file is a form that produces several post variables that are transferred via a $_POST superglobal when the form data is submitted. The resulting $_POST superglobal is examined for content via an isset( ) functions that is part of the condition of an if-statement found in crud.php.  The data contained in the $_POST is then processed and sent to a MySQL database within the body of the if-statement.

At no point in this procedure is the $_SERVER superglobal invoked.  The form element's method attribute is simply set to post.  The action attribute is omitted.

QUESTION:  From the point of view of the browser is the transfer of data from the form to the if-statement and eventually to the database all conducted on the same page?

 

Edited by iwato
Link to comment
Share on other sites

No 'action' attribute means it will default to action="", which means it will submit to itself.

As the page is loaded, it is read from top to bottom and any include are read top to bottom, at the end of include it will continue reading through the main page again.

While going through crud.php include, it will process any specific $_POST request targeted that is present at that time, if none exist, it will proceed with else condition or move on to rest of main page.

Link to comment
Share on other sites

Only 'get' request uses querystring, the passing of 'post' data is hidden and not shown in the address bar.

That's not technically true, it's fine to do this:

<form method="post" action="process.php?submit=true">

In short, there is no page reload.  Is this correct?

If you're submitting the form then the page is reloading.  Maybe not technically a reload, but the browser is sending a new request to the server.  You can open your browser's developer tools and go to the Network tab to see the requests and responses.

Link to comment
Share on other sites

Quote

You can open your browser's developer tools and go to the Network tab to see the requests and responses.

So, if upon clicking on the submit button with the console turned on, the same page appears under Network, then the page has reloaded.  Is this correct?

 

Link to comment
Share on other sites

When I use the term "reload" or "refresh" I usually refer to the actual refresh button, and in that sense no, it doesn't reload.  It sends a new request, not the same one as before.  Not all requests result in the entire page being redrawn though, you can use ajax to send requests and then only change part of the page.  If you're not using ajax and you submit a form, then yes the browser will send a request and redraw the entire page.

Link to comment
Share on other sites

Yes,  I am preparing AJAX now.  First, I had to discover a good CRUD model.  There are several on the net, and always they are filled with new code that takes a while to wade through.  The discovery is interesting and has nearly always proven beneficial, but the process is long and arduous.

Back to my question:  I assume that most browser network consoles operate similarly.  If the page appears in the console as previously described what is being evidence -- any and all HTTP requests?

Quote

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...