37

Can i send for example a string or another piece of information to another .php file without it being exposed [thus not by GET but by POST conform to what i know] without using a form?

Samuel
  • 17,035
  • 16
  • 45
  • 83
  • 4
    Sounds like you need to use sessions. – Gazler Sep 23 '10 at 17:23
  • 1
    It's not entirely clear where you are sending the data from and to. Is it Client to Server or Server to Server or Server to different Server? – buggedcom Sep 23 '10 at 17:26
  • well i pass it along from one file to another on the same server – Samuel Sep 23 '10 at 17:28
  • The data will be almost equally well-exposed through POST as it is through GET, the key value pairs will just not show up in the address bar but the information is still being transferred in the clear unless you are using SSL or this is strictly a server-to-server type of thing over a secured communication channel. – flatline Sep 23 '10 at 17:28
  • POST data is extremely visible to the user (just not your typical user). Sessions are the way to go. – riwalk Sep 23 '10 at 17:29

6 Answers6

24

If you don't want your data to be seen by the user, use a PHP session.

Data in a post request is still accessible (and manipulable) by the user.

Checkout this tutorial on PHP Sessions.

Stephen Holiday
  • 695
  • 4
  • 11
  • 1
    this not a good soloution, also if the author accepted this as a workaround. also sessions are way easier to hijack than manupilating a post request (ie. by a "man in the middle" attack) – Andreas Linden Sep 23 '10 at 18:17
  • 1
    Why is this a bad solution? Perhaps Samuel's process is such that hijacking the session is not an issue. The only way to truly solve session hijacking (in a unobtrusive way) is using SSL for all session related requests. If Samuel was worried about the data being leaked, he should use SSL. – Stephen Holiday Sep 23 '10 at 18:30
  • 2
    @zolex, what is so difficult about intercepting post data? Sitting in a coffee shop with WireShark running is all you need to hijack POST data. Recreate the request with cookies and post data, and you are good to go. If you consider sessions to be a bad solution, then SSL is the only good solution. – riwalk Sep 24 '10 at 18:44
  • classical user-fail when sending sensitive data from a coffee shop ;) and btw, the question was how to send post data with php, to not expose the data in the url so ie. it wont get logged by the webserver etc. i think this was the main purpose... my answer really answers teh question and does not provide some overhead workaround like yours. well if he's fine with that. KISS ;) – Andreas Linden Sep 25 '10 at 00:25
17

You could use AJAX to send a POST request if you don't want forms.

Using jquery $.post method it is pretty simple:

$.post('/foo.php', { key1: 'value1', key2: 'value2' }, function(result) {
    alert('successfully posted key1=value1&key2=value2 to foo.php');
});
Darin Dimitrov
  • 960,118
  • 257
  • 3,196
  • 2,876
  • 1
    That is javascript. AJAX = Asynchronous Javascript And XML – Gazler Sep 23 '10 at 17:26
  • @Samuel, now if you say that no javascript is allowed then things become rather impossible :-) – Darin Dimitrov Sep 23 '10 at 17:29
  • I didn't know AJAX was Javascript and I can't really use Javascript – Samuel Sep 23 '10 at 17:30
  • What can you use in fact? Are you developing a web site or something else because saying that you cannot use forms and javascript seems like you start with a great handicap in web development from the beginning? Is it because technically you don't know javascript or there's some other reason? – Darin Dimitrov Sep 23 '10 at 17:31
  • i can't use javascript for core functions and i was looking for ways to pass along information without forms, i could maybe use hidden forms but i was looking for a more elegant way (i completely forgot about sessions) – Samuel Sep 23 '10 at 17:38
  • 1
    this is probably the best answer here, using jquery to do the heavy lifting, and this also works after the page has been rendered. – Dheeraj Nov 16 '15 at 06:38
  • @DarinDimitrov Can we send json array with post request. I want to send array with post request. – Pushpendra Singh Dec 31 '15 at 13:05
  • 1
    The question tags is PHP, this is not PHP – wpcoder Oct 27 '17 at 17:25
  • How to post the output data to another PHP page using the POST method, https://www.pastiebin.com/5d1da8d6643ec and my retrieve PHP code is : https://www.pastiebin.com/5d1da94043f95 @Darin Dimitrov – Gem Jul 04 '19 at 07:21
10

Send your data with SESSION rather than post.

session_start();
$_SESSION['foo'] = "bar";

On the page where you recieve the request, if you absolutely need POST data (some weird logic), you can do this somwhere at the beginning:

$_POST['foo'] = $_SESSION['foo'];

The post data will be valid just the same as if it was sent with POST.

Then destroy the session (or just unset the fields if you need the session for other purposes).

It is important to destroy a session or unset the fields, because unlike POST, SESSION will remain valid until you explicitely destroy it or until the end of browser session. If you don't do it, you can observe some strange results. For example: you use sesson for filtering some data. The user switches the filter on and gets filtered data. After a while, he returns to the page and expects the filter to be reset, but it's not: he still sees filtered data.

Gregor
  • 504
  • 5
  • 19
8

Simply use: file_get_contents()

// building array of variables
$content = http_build_query(array(
            'username' => 'value',
            'password' => 'value'
            ));
// creating the context change POST to GET if that is relevant 
$context = stream_context_create(array(
            'http' => array(
                'method' => 'POST',
                'content' => $content, )));

$result = file_get_contents('http://www.example.com/page.php', null, $context);
//dumping the reuslt
var_dump($result);

Reference: my answer to a similar question:

wpcoder
  • 860
  • 8
  • 15
5

have a look at the php documentation for theese functions you can send post reqeust using them.

fsockopen()
fputs()

or simply use a class like Zend_Http_Client which is also based on socket-conenctions.

also found a neat example using google...

Andreas Linden
  • 11,975
  • 7
  • 46
  • 65
1

function redir(data) {
  document.getElementById('redirect').innerHTML = '<form style="display:none;" position="absolute" method="post" action="location.php"><input id="redirbtn" type="submit" name="value" value=' + data + '></form>';
  document.getElementById('redirbtn').click();
}
<button onclick="redir('dataToBeSent');">Next Page</button>
<div id="redirect"></div>

You can use this method which creates a new hidden form whose "data" is sent by "post" to "location.php" when a button[Next Page] is clicked.

user11713698
  • 11
  • 1