Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

PHP & Forms

Posted on 2003-02-26
15
Medium Priority
?
209 Views
Last Modified: 2008-03-06
I have a login form on a page.  The user enters their username an password.  When they click the submit button they are sent to the next page.  

The values the user enters into boxes are added as they should be, to the query string.  My only concern is that the query string looks as follows:

"?username=admin&password=admin"

as you can see it clearly shows the password which is far from ideal.  is there a work around?

many thanks in advance



0
Comment
Question by:tilman
  • 4
  • 4
  • 2
  • +2
13 Comments
 
LVL 5

Expert Comment

by:harwantgrewal
ID: 8023871
just do one thing instead of using get method in form use post like
<form name='login' method="post" action="url.php">
.....
</form>

harry
0
 
LVL 15

Expert Comment

by:VGR
ID: 8023954
yes
or encrypt the PWD
or use a session variable
0
 

Author Comment

by:tilman
ID: 8024441
???

i used the post method but it was still appended onto the query string.  How can I put the value of the variable "password" into a session variable? without passing it to another or the same page?  either way the password would still be added to the query string.

any comments on my waffle?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 5

Expert Comment

by:harwantgrewal
ID: 8024475
you cannot do it without passing to other or same page here is one more thing I dont know how but its possible that you can just call a php within the flash and the php will return you the status and can assign session variable look at this
http://www.neonyc.com open guest it send emails but you never know which url and which values :)

Harry
0
 

Author Comment

by:tilman
ID: 8024524
???

i used the post method but it was still appended onto the query string.  How can I put the value of the variable "password" into a session variable? without passing it to another or the same page?  either way the password would still be added to the query string.

any comments on my waffle?
0
 

Author Comment

by:tilman
ID: 8024547
Sorry harry, i couldnt understand your sentence?  this must be an extremely common occurence? many thanks alan
0
 
LVL 15

Accepted Solution

by:
VGR earned 80 total points
ID: 8024657
if your FORM has action="..." METHOD=POST [enctype=...form-encoded] then the request URL should not contain the fields, and no more the QUERY_STRING nor the PATH_INFO

Only in $_POST[] should you see the stuff.

An other idea : use HIDDEN fields, just to check what I'm saying
0
 

Expert Comment

by:savatage
ID: 8031022
yes, yes, use post method...
0
 
LVL 5

Expert Comment

by:harwantgrewal
ID: 8031505
I want to tell you that there is a way that you can call a url within your flash file without opening a page and that php file can register the session and can return you a value from which you can display message in flash it self. Like the url I have give you in this when you click on guest you fill all the details and when you press submit button it calls a php which send email and return the relavent message to falsh that email has been sent or not. I think now I made myself more clear still if you have any problem feel free to ask

Harry
0
 

Author Comment

by:tilman
ID: 8031657
I am not sure how the hidden field idea would work? If the field is hidden then how can a user type in there password?

I will retry the post method during lunch hour, many thanks :)

ps

sorry harry, flash is out of the question!  I dont make the rules i just follow them.
0
 
LVL 5

Assisted Solution

by:harwantgrewal
harwantgrewal earned 80 total points
ID: 8031694
<form action="login.php" method="post" name="login" id="login">
  <table width="100%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td>User Name</td>
      <td><input name="user" type="text" id="user"></td>
    </tr>
    <tr>
      <td>Password</td>
      <td><input name="pass" type="password" id="pass"></td>
    </tr>
    <tr>
      <td><input type="submit" name="Submit" value="Submit"></td>
      <td>&nbsp;</td>
    </tr>
  </table>
</form>


This should work

Harry
0
 
LVL 7

Assisted Solution

by:Big_Red_Dog
Big_Red_Dog earned 80 total points
ID: 8033132
That's half the answer.  In login.php, you access the values using $_POST['pass'] and $_POST['user'].
0
 
LVL 7

Expert Comment

by:Big_Red_Dog
ID: 8547269
Did any of this help you?  If so, please award a grade to close this question.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question