Reputation: 1639
I want to implement a method in a page where I want to know where a POST request cam from
I want to implement a system where I want to know where a POST request cam from.
For example: I have a form with a submit button in it. When the User clicks on the submit button it goes to the page. But I want to know the source from where the post request came.
This is the code till now:
<form action="profile.php?id=<?php echo $user->id; ?>" method="post" name="formAdd"><input name="btnAddUser" type="submit" value="Add User"></form>
Should I use a hidden input element? Would that be a good way OR maybe something else?
Upvotes: 0
Views: 212
Answers (5)
Reputation: 5920
I would use a hidden field where the value="name_of_referring_page". This way, no matter what the user's settings, firewall, browser, etc you get the info that you want.
Upvotes: 0
Reputation: 5917
You could save the page in a session variable ($_SESSION["something"] = "page.php"), that is the most secure way, I think, because a hidden input in a form could be changed by the user, and $_SERVER['HTTP_REFERER'] is not always avaliable.
Upvotes: 0
Reputation: 6106
It really depends on how secure and reliable you need it to be. A hidden form field would work although it means you'd need to add it to every form that points to your processing script. It's also easy to fake if someone wanted to. Alternatively you could use $_SERVER['HTTP_REFERER']. This isn't always reliable - I believe it does depend on what browser you're using but should be good enough in most simple scenarios. Another alternative would be to store something in the session and use that. That's probably the most secure as it's all server-side and can't be tampered with, but it is probably the hardest to implement (not that it's rocket science).
Upvotes: 1
Reputation: 318508
First of all, there is no reliable way - users can tamper with requests if they want to.
Besides that, there are two ways to get the kind of information you want:
- The referer, available via
$_SERVER['HTTP_REFERER']: It contains the full URL from which the request came, but some people use extensions/firewalls/etc. that block or even spoof referers - As you suggested, a hidden form element. This always works unless the user actively wants to tamper with the data sent. So that's the preferred way.
Upvotes: 3
Reputation: 382696
The $_SERVER['HTTP_REFERER'] will let you know where the request came from.
More info:
Upvotes: 1
Related Questions
- A way to determine ID of form during POST method
- Post request come from which page
- Know where request came from
- See what php page of action returns
- How can I post form into same php page and intercept it?
- Track the POST request
- How to know if a page is called via a POST method in PHP.
- Detecting which form was submitted in php
- Right treatment of getting the POST method information in the same page
- What's a good way to determine where POST information was sent from