Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

forwarding POST data to external host, data includes files

Posted on 2009-04-03
Last Modified: 2012-05-06
Senario: I have to submit a form to an external host, the external host responds with an email, and returns the the user to a confirmation page, which is hosted on my server (the url is included in the form data). The confirmation page url has a unique 'ticket number' appended to it by the external server. I cannot submit the form directly as I need to validate the form before submission to the external site, using php.

So I need to catch the form submission, check that the required fields are filled in, using server side code, and then forward the data as a POST to the external server. The user is then shown the confirmation page.

I have succeded in doing this using a JS self submitting form, but I need to forward files uploaded on the original form, is it possible to forward uploaded files using this method?

Alternatively, I have tried CURL, fputs, and stream_get_contents. However is it possible to use a serverside approach and have the confirmation page displayed to the client as they didn't initiate the request?
Question by:Ginola
  • 4
  • 2
  • 2

Expert Comment

ID: 24059935
What happens serverside except for validation? If it's only the validation, I'd highly recommend doing the validation client-side in this case, and just let the form itself post to the external host..
LVL 109

Accepted Solution

Ray Paseur earned 300 total points
ID: 24068317
Is this by any chance a homework assignment?

Regarding this statement: "I cannot submit the form directly as I need to validate the form before submission..." -- therein lies one of the central issues in WWW security.  You can validate all you want on the client side of things, but what happens when the client turns JavaScript off?  More importantly, what happens when a malicious script begins bombarding the "external host" with bogus information, attack data, etc.?

Simply put, you MUST validate the form data in the action script -- there is no alternative.  Any validation you do on the client side of things is a nicety, but is irrelevant in terms of security and the validity of the data model.

Now having unburdened myself of that, let me see if I can paraphrase what you want to do.

1. Client submits a form to an action script on your server.
2. Your server validates the form data and either rejects it accepts it.
3. On acceptance, your server posts the form data to a foreign server.
4. You get some kind of signal back from the foreign server and return this signal to the client.

Does that state it accurately?

Thanks, ~Ray

Assisted Solution

Pantalaim0n earned 200 total points
ID: 24068676
Validation works both ways. You can validate everything there is either client-side or (own) server side, but if the external host doesn't do its own validation server-side once it receives data, it's still pointless. I assume the author doesn't have control on the external host.
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

LVL 109

Expert Comment

by:Ray Paseur
ID: 24068697
@Pantalaim0n: you are probably right about no control of the external host.  Hope they are doing their own validation ;-)  A few more specifics from the OP would be helpful, for sure, like the code that is written so far.

Best regards, ~Ray

Author Comment

ID: 24116616
Hi all, sorry for the delayed reply.

I was given an incorrect spec by my boss, apparently it is possible to validate it clientside, and pass it directly to the external host (which does it's own 'proper' validation). I was told that it was not possible for the external server to validate and return the user to the 'confirmation page' if I had required fields on the form.

Many thanks for your comments, much appreciated, sorry for wasting your time.
LVL 109

Expert Comment

by:Ray Paseur
ID: 24168836
Before I post an objection to this request to delete, please explain why you do not feel that our comments deserve some points.  Thanks, ~Ray

Author Comment

ID: 24168896
I'm happy to give you some points, I appreciate that you have given time up to try to solve this, I don't know the procedure though, is it possible to give some points to both you and Pantalaim0n?
LVL 109

Expert Comment

by:Ray Paseur
ID: 24169250
Thanks for your consideration.  Yes, you can do that.  Go up to the original post and click the "request attention" button.   You can ask a moderator for guidance - there is a help page that tells how, but I don't have a link to it, sorry.

best regards, ~Ray

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Correct syntax for subdirectories 9 18
check mysql insert 12 26
asp.net open new page without popup blocker 8 18
message Alert on an empty search 10 17
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question