David V

Reputation: 113

Posting form data using POST with PHP

I have been looking into this for hours and still at a loss.

I have a PHP page (PAGE1.PHP) with a link and when the link is clicked by the user the PHP page would need to read some data from a database and post this data using POST to a third-party site.

I managed to do this with CURL; however, the problem is that although the data is posted and the third-party page does load correctly, the URL (in the browser) is still shown as PAGE1.PHP as opposed to the third-party URL I posted to.

Is there a way I can do this?

I have the option of creating a form on PAGE1.PHP with the data I read from the database set as hidden and the link as a submit. I haven't tried it yet, but it should work; however, this means that the data I am reading from the db can be read by the user by just viewing source.

Any ideas on how I can do this?

Upvotes: 1

Views: 453

Answers (3)

Chad

Reputation: 218

The problem is that when you use CURL to post it's your web server that's posting, not the user's browser. So if any sessions or cookies are being used they won't carry over.

I'd do what you mentioned, creating a hidden form and posting the data that way. You could be clever about it though and do a document.ready in jQuery and as soon as the hidden form is loaded you could post it for the user. While there is still a small window of opportunity for them to view source it'd be a little more streamlined.

<script>
$(document).ready(function() {
    $('#hiddenForm').submit();
});
</script>

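Edit: Full example:

<?php

  // Target URL and the fields to send (sample values)
  $urlToPostTo = 'http://www.thirdPartyDomain.com/login';
  $varsToPost = array();
  $varsToPost['user'] = 'username';
  $varsToPost['pass'] = 'password';

  ?>
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  <script>
    // Submit the hidden form as soon as the DOM is ready
    $(document).ready(function() {
        $('#hiddenForm').submit();
    });
  </script>
  <?php

  echo '<form id="hiddenForm" action="'.htmlspecialchars($urlToPostTo, ENT_QUOTES).'" method="post">';

  /* create a hidden input for each var in 'varsToPost';
     names and values are escaped so a quote cannot break out of the attribute */
  foreach($varsToPost as $varName=>$varValue) {
    echo '<input type="hidden" name="'.htmlspecialchars($varName, ENT_QUOTES).'" value="'.htmlspecialchars($varValue, ENT_QUOTES).'">';
  }

  echo '</form>';

?>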

Just add / remove variables in the $varsToPost array and they'll automatically be plugged in. I guess if you were passing a password / sensitive data you could always encrypt it in php and decrypt it in js right before the form submit. This would still leave you open as anyone would have access to your decrypting function but it'd mask your data at a glance.

Even so, this form submit happens very quickly, it's hard to tell that it's being sneaky.

Upvotes: 1

Davis Peixoto

Reputation: 5743

You can use the header function from PHP in order to make a real redirect with POST data.

Here are some sources for your reference.

http://en.wikipedia.org/wiki/List_of_HTTP_header_fields

http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

http://shiflett.org/articles/form-spoofing

Upvotes: 0

Paul Sonier

Reputation: 39480

The URL in the browser correctly shows your original URL, because that's what the browser requested, and that's what served the request; your PHP page made a POST request behind the scenes to get the data, but it then served it back to your browser.

To get the result I think you want, you need to redirect the browser to make the post. You're correct to be concerned with the issues of hidden data; sounds like you might need to do a bit of architecture work to resolve that problem.

Upvotes: 4
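
The hidden-form approach discussed in the answers above leaves every field readable and editable by the user. As an added example (not code from any of the answers), this sketch signs the fields with an HMAC and a timestamp so that a cooperating receiving site can reject altered or stale submissions. It assumes both sides share a key and that the fields are flat strings; `SHARED_KEY`, `MAX_AGE`, `canonical`, `signFields`, `hiddenInputs` and `verifyPost` are hypothetical names. Signing does not hide the values, so secrets still have to stay on the server.

```php
<?php
// Added example. Assumes sender and receiver share SHARED_KEY out of band.
const SHARED_KEY = 'placeholder-replace-with-random-secret'; // hypothetical key
const MAX_AGE = 60; // seconds a signed form stays valid

// Canonical string both sides sign: flat fields sorted by name, URL-encoded.
function canonical(array $fields): string {
    ksort($fields);
    return http_build_query($fields, '', '&', PHP_QUERY_RFC3986);
}

// Sender: add a timestamp, then an HMAC computed over all fields.
function signFields(array $fields, int $now): array {
    $fields = array_map('strval', $fields);
    $fields['ts'] = (string) $now;
    $fields['sig'] = hash_hmac('sha256', canonical($fields), SHARED_KEY);
    return $fields;
}

// Sender: hidden inputs for the form, with names and values escaped.
function hiddenInputs(array $fields): string {
    $html = '';
    foreach ($fields as $name => $value) {
        $html .= '<input type="hidden" name="'
            . htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8') . '" value="'
            . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "\">\n";
    }
    return $html;
}

// Receiver: recompute the HMAC over everything except 'sig', then check age.
function verifyPost(array $post, int $now): bool {
    if (!isset($post['sig'], $post['ts']) || !is_string($post['sig'])) {
        return false;
    }
    $sig = $post['sig'];
    unset($post['sig']);
    if (!hash_equals(hash_hmac('sha256', canonical($post), SHARED_KEY), $sig)) {
        return false; // a field was changed, added or removed in the browser
    }
    $age = $now - (int) $post['ts'];
    return $age >= 0 && $age <= MAX_AGE;
}

// Constructed sample values: untampered, edited in the browser, replayed late.
$signed = signFields(['user' => 'username', 'plan' => 'basic'], 1700000000);
echo hiddenInputs($signed);
var_dump(verifyPost($signed, 1700000010));
var_dump(verifyPost(array_replace($signed, ['plan' => 'admin']), 1700000010));
var_dump(verifyPost($signed, 1700000600));
```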
