CODEWITHSUNDEEP
phploops
John
John

Reputation: 2501

looping through url

I want to do a loop, normally it is done with while do for etc but when the process is big I came up with a solution to refresh the page by echoing a javascript to refresh the page for the next loop.

for example:

The page is http://localhost/index.php --> this preforms the first iteration with $i=1;

at the end of the script it will be redirected to http://localhost/index.php?i=$i++

if (!$_GET['i']){
 $i = 1;
}else{
 $i = $_GET['i'];
}
if ($i<500){
 // proceed with $i = $_GET['i']
 //then redirect to  http://localhost/index.php?i=$i++
}else{
 echo "done";
}

Now, consider a situation that the imput parameters come from a FORM to this script. (i.e. $parameter1 , $parameter2, $parameter3) Then I have to pass them every time to new url (next iteration).

At normal work I can pass them as GET variable to new url but how can I pass them if I don't want the user be able to see the value of parameters in url?

Upvotes: 0

Views: 108

Answers (2)

giorgio
giorgio

Reputation: 10212

Not to be rude, but both answers above are quite prone to security issues (but the session solution is the best one). As for the 'encryption' solution of @itamar: that's not exactly encryption... This is called 'Caesar cypher' (http://en.wikipedia.org/wiki/Caesar_cipher), which is indeed as safe as a paper nuclear bunker...

It can be much easier and safe as can be; do not save the iteration in the session, but in the database. For the next request, the only thing you have to do is get the iterator from the database and go on with whatever you want to do. Sessions can be stolen, meaning someone could let you iterate from, say, $i=10 a thousand times. It cannot be done when the iterator is stored in a secure database.

Upvotes: 0

hakre
hakre

Reputation: 197842

At normal work I can pass them as GET variable to new url but how can I pass them if I don't want the user be able to see the value of parameters in url?

You can not with the bare redirect, but if you're talking about a specific user, you can do so by assigning those parameters as session variables Docs and then passing the session id as an additional parameter (or trust the user has cookies enabled).

function do_redirect($i, Array $parameters)
{
   $i = (int) $i;
   $parameters['i'] = $i; // save to session as well
   $_SESSION['parameters'] = $parameters;
   // redirect to http://localhost/index.php?i=$i&SID
}

if (is_form_request())
{
    $parameters = get_form_parameters();
    do_redirect(1, $parameters);
}
elseif (is_redirect_loop_request())
{
    $parameters = $_SESSION['parameters'];
    $i = $parameters['i'];
    if ($i < 500)
    {
        do_redirect($i++, $parameters);
    } else {
        echo "done.";
    }
}

Upvotes: 1

Related Questions