POST url parameter understanding

Question

I have got API like below for my android application. I am able to test it using postman app for chrome.

    <?php
    require_once 'include/DB_Functions.php';
    require_once 'include/utility.php';
    $db = new DB_Functions();
    $response = array("error" => FALSE);

    if (isset($_POST['membership']) && isset($_POST['orderid']) && isset($_POST['email'])) {
        $time = getDatetimeNow();
        $membership = $_POST["membership"];
        $orderid    = $_POST["orderid"];
        $email      = $_POST["email"];

        $response = $db->premium($membership, $orderid, $email, $time);   
        echo json_encode($response);
    } else {
        // required post params is missing
        $response["error"] = TRUE;
        $response["error_msg"] = "Required parameters email, orderid and membership are missing!";
        echo json_encode($response);
    }
?>

its working fine and have not any issue but I have some similar api and I want test it direct from browser but I am getting parameter missing error in it.

I am trying it like below URL

https://example.com/api/premium.php?membership=1&orderid=123&email=myemail@mail.com

its give me errr that parameter is missing. Anyone can please suggest me how can I check it using browser instead of postman etc? Thanks

score 1 · Accepted Answer · answered Jul 11 '18 at 06:23

1

You're trying to send data via GET request, but it's not the same as POST. You cannot just put variables in URL and send it like POST data, because POST data sends in body or request. You can read here

If you want to send data via POST, you can create a HTMJL page with a small form and send it by POST, for example:

<form action="https://example.com/api/premium.php" method="POST">
    <input type="text" name="membership" value="1">
    <input type="text" name="orderid" value="123">
    <input type="text" name="email" value="myemail@mail.com">
    <input type="submit">
</form>

answered Jul 11 '18 at 06:23

MrSmile

1,125
1
9
20

Ok Thanks! I got it. – Priti Patel Jul 11 '18 at 06:27
1

Alternatively, OP could change their code from `$_POST` to `$_REQUEST` and use either GET or POST parameters – Phil Jul 11 '18 at 06:30
@Phil there any side effect of using $_REQUEST? – Priti Patel Jul 11 '18 at 06:38
@PritiPatel it includes merged data from `$_GET`, `$_POST` and `$_COOKIE`. The order of precedence is determined by environment configuration so you may get varying results, depending on where you execute it – Phil Jul 11 '18 at 06:41

score 0 · Answer 2 · answered Jul 11 '18 at 06:24

You can not send email as a query string becaues Reserved characters in URLs must be encoded to be valid, or they are ambiguous and might be used for their reserved purposes in the URL. @ is a reserved character, and must be encoded as %40.

PHP decodes this for you. It's transparent to you, and you don't even have to worry about it.

POST url parameter understanding

2 Answers2