Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Converting GET to POST

Status
Not open for further replies.
Tve

Tve

Programmer
May 22, 2000
166
FR
Hi,

I have an application that can callup any URL, including of course PHP, but only using the GET method. It's a bit unfortunate, since the users can see all the arguments passed to the script and could eventually attempt to hack it.

My idee would be to have the php script check is the passed arguments are GET: if so convert to POST and recall itself.

If I'm not mistaken, the arguments should only be visible for a split second, with is fine to me.

Checking if variables have been sent with GET shouldn't be that difficult, but I do not know if a php can call another php (in this case itself) by passing POST arguments.

Any suggestions?

Thanks,



AD AUGUSTA PER ANGUSTA

Thierry
 
Sort by date Sort by votes
First of all, you can see what method was used by using $_SERVER['REQUEST_METHOD'].

But hiding the GET vars from the user is a bit of work. Usually the only way to change what's in the address bar is to redirect to a new page. But if you redirect, you can't use POST, only GET. So you still have that problem. Perhaps there's a better way!

You mentioned being concerned that people could see the variable names and that this could be a security risk. Though, hackers will likely be using a packet sniffer, in which case they'd see the POST vars too.

I don't think it's that bad to have GET vars in plain view (after all, Tek-tips does it)... but if you want to obfuscate them, perhaps the user agent could base64_encode the variable values, and your script could decode them.

I REALLY hope that helps.
Will
 
Upvote 0 Downvote
Will,

Maybe I am a bit parano.

I have no control on the user agent.

I suppose I could put the arguments in the session variable and then recall itself....



AD AUGUSTA PER ANGUSTA

Thierry
 
Upvote 0 Downvote
Can you change the application to POST?

There's always a better way. The fun is trying to find it!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

R
  • Locked
  • Question
How Can I Use MySQL To Send Data To An Email
Replies
1
Views
602
Chris Miller
Chris Miller
P
  • Locked
  • Question
JPgraph - How to stop a line graph from dropping to zero?
Replies
2
Views
638
Chris Miller
Chris Miller
W
  • Locked
  • Question
how to send checked row data in php
Replies
0
Views
386
wiltang2004
W
PeDa
  • Locked
  • Question
POST Content-lLength of ... bytes exceeds the limit of 8388608 bytes in Unknown on line 0
Replies
4
Views
713
feherke
feherke
rogerte
  • Locked
  • Question
How to parse associative array
Replies
13
Views
2K
Chris Miller
Chris Miller

Part and Inventory Search

Sponsor

Back
Top