Solved

PHP Code Question

Posted on 2011-09-28
Last Modified: 2012-05-12
The attached code works fine. This code basically pulls data from a MySQL database & displays it in a browser. At this time when a user pulls this form up it displays the path to the .php file (URL) in the browser...My question is, is there any way for me to hide the URL or maybe even the tail end of it? For instance, at this time when it is pulled up in a browser it shows http://myserver/myfolder/thisfile.php

Is there any way for me to add something to the attached code to hide the thisfile.php at the end of the URL?
 
<html>  
<body bgcolor="#03EBA6"> 
<head>

<?php
include('lock.php');
?>

<body>
<h2>Welcome <?php echo $login_session; ?></h2> 

<b><p><h5><a href="slogout.php">LOG OUT</a> </h5></p>
This area displays employees supervised by John Doe.
</body>

<html>
<head>
<title> PETS</title>
</head>
</html>

<title> PETS</title>
<table>
      <thead>
      <tr>
	   <table border='7'>

<th>First Name</th>
<th>Last Name</th>
<th>6-Month Review Date</th>
<th>Eval Due Date</th>
<th>Eval Due to Emp</th>
<th>Eval Due to the Man</th>
<th>Eval Due to Per Spec</th>
<th>Last Increase Date</th>
<th>Current L/S</th>
<th>Step Promo Due Date</th>
<th>Next L/S</th>
<th>Last Rating</th>
<th>Last Eval Date</th>

      </tr>      
      </thead>
      <tbody>
<?php
require('connection.php');

if (isset($_GET['op']) && $_GET['op'] == "d") 
if($_GET['op'] == "d" && !empty($_GET['id']) )
{
   $query="UPDATE hr_info SET status = '0' WHERE hrid={$_GET['id']}";
   $result = mysql_query($query) or die(mysql_error());  
}

$query="SELECT hrid, f_name, l_name, eval_due_date, SUBDATE( `eval_due_date`, INTERVAL 6 MONTH) as `six_months_prior_date`, ADDDATE( `eval_due_date`, INTERVAL 7 DAY) as `due_2_emp`, ADDDATE( `eval_due_date`, INTERVAL 14 DAY) as `due_2_chf`, ADDDATE( `eval_due_date`, INTERVAL 44 DAY) as `due_2_ps`, gscl, lwlr, wgdd, rating, nls, last_eval_date FROM hr_info WHERE status ='1' AND supervisor = 'john doe' ORDER BY eval_due_date ";
$result = mysql_query($query) or die(mysql_error());  
 
while($row = mysql_fetch_array( $result )) {
?>
       <tr>
           
						<td><?php echo "".$row['f_name']; ?></td>
                        <td><?php echo "".$row['l_name']; ?></td>						
                        <td><?php echo "".$row['six_months_prior_date']; ?></td>
						<td><?php echo "".$row['eval_due_date']; ?></td>
						<td><?php echo "".$row['due_2_emp']; ?></td>
						<td><?php echo "".$row['due_2_chf']; ?></td>
						<td><?php echo "".$row['due_2_ps']; ?></td>
						<td><?php echo "".$row['lwlr']; ?></td>
						<td><?php echo "".$row['gscl']; ?></td>
						<td><?php echo "".$row['wgdd']; ?></td>
						<td><?php echo "".$row['nls']; ?></td>
						<td><?php echo "".$row['rating']; ?></td>
						<td><?php echo "".$row['last_eval_date']; ?></td>
      </tr>
<?php } ?>            
      </tbody>
 
</table>

0
Question by:wantabe2
7 Comments
 
LVL 1

Expert Comment

by:RHochstenbach
ID: 36719800
What you could do is use POST instead of GET and then put both the form and the PHP code in the same file.
Example:
<form method="post" action="">
<input name="myname">
</form>

<?php
// Run the lookup only when the form has been submitted.
if (isset($_POST['myname'])) {
    // Escape the value before placing it in the SQL string.
    $myname = mysql_real_escape_string($_POST['myname']);
    $find = mysql_query("SELECT * FROM names WHERE name = '$myname'");
}
?>
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 36719901
I am not sure I understand what you are trying to hide, but I can tell you that these lines do not make sense.

if (isset($_GET['op']) && $_GET['op'] == "d")
if($_GET['op'] == "d" && !empty($_GET['id']) )
{
   $query="UPDATE hr_info SET status = '0' WHERE hrid={$_GET['id']}";
   $result = mysql_query($query) or die(mysql_error());  
}

There is never a case when you want to modify the data model on the basis of a GET request; that is a violation of the HTTP protocols.  Consider what would happen if a hacker ran a script that had this:

$id = 0;
while ($id < 1000000)
{
    $id++;
    file_get_contents("//path/to/your.php?op=d&id=$id");
}

Poof - the script has just clobbered your first million rows.

So if you find that changing to POST is the thing you want, here is another reason to do it!

Best regards, ~Ray
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 36720061
Renaming or rewriting the file name is done by the server.  Nothing you can add to the PHP file to do that.  In addition, line 48 does nothing at all.  I would have thought it would show an error.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 36720155
@Dave, I think this is more or less what the author meant near line 48.
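if (isset($_GET["op"]))
{
    if ($_GET["op"] == 'd')
    {
        if (!empty($_GET["id"]))
        {
            // Escape the id before it goes into the SQL string.
            $id  = mysql_real_escape_string($_GET["id"]);
            $sql = "UPDATE hr_info SET status = '0' WHERE hrid = '$id' LIMIT 1";
            $res = mysql_query($sql) or die(mysql_error());
            // mysql_affected_rows() takes the link identifier, not the query result.
            $num = mysql_affected_rows();
            // Encode the id before echoing it back into the page.
            if (!$num) echo "DID NOT FIND hr_info FOR hrid = " . htmlspecialchars($id);
        }
    }
}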

0
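
The two comments above raise separate problems with the `op=d` handler: data is changed on a GET request, and the id goes into the SQL string unchecked. The following is an added example, not code posted by anyone in this thread, that handles the same `hr_info` update over POST only, with a CSRF token, an integer check and a bound parameter. It assumes PDO with an in-memory SQLite table standing in for the real database; `handle_deactivate()`, the `csrf` field and the session keys are hypothetical names.

```php
<?php
// Added example, not code from the thread. handle_deactivate(), the 'csrf' field
// and the session keys are hypothetical; SQLite in memory stands in for MySQL.
function handle_deactivate(PDO $db, string $method, array $post, array $session): array
{
    // State changes are refused on GET, so a crawled or scripted link cannot alter data.
    if ($method !== 'POST') {
        return [405, 'Method Not Allowed'];
    }
    // The token ties the request to a form served to this logged-in user.
    if (!is_string($post['csrf'] ?? null) || empty($session['csrf'])
        || !hash_equals($session['csrf'], $post['csrf'])) {
        return [403, 'Bad CSRF token'];
    }
    // hrid must be a positive integer; anything else is rejected before any SQL runs.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, 'Invalid id'];
    }
    // Bound parameters, and the update is limited to this supervisor's active rows.
    $stmt = $db->prepare(
        "UPDATE hr_info SET status = '0' WHERE hrid = :id AND supervisor = :sup AND status = '1'"
    );
    $stmt->execute([':id' => $id, ':sup' => $session['user']]);
    return $stmt->rowCount() === 1 ? [200, 'Deactivated'] : [404, 'No matching row'];
}

// Constructed sample data and session.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE hr_info (hrid INTEGER PRIMARY KEY, supervisor TEXT, status TEXT)");
$db->exec("INSERT INTO hr_info VALUES (1, 'john doe', '1'), (2, 'jane roe', '1')");
$session = ['user' => 'john doe', 'csrf' => bin2hex(random_bytes(16))];
$token = $session['csrf'];

$cases = [
    ['GET',  ['id' => '1', 'csrf' => $token]],         // state change attempted over GET
    ['POST', ['id' => '1', 'csrf' => 'guess']],        // wrong token
    ['POST', ['id' => '1 OR 1=1', 'csrf' => $token]],  // id is not an integer
    ['POST', ['id' => '2', 'csrf' => $token]],         // row belongs to another supervisor
    ['POST', ['id' => '1', 'csrf' => $token]],         // valid request
];
foreach ($cases as [$method, $post]) {
    [$code, $msg] = handle_deactivate($db, $method, $post, $session);
    echo "$method id={$post['id']} -> $code $msg\n";
}
```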
 
LVL 6

Accepted Solution

by:
neorush earned 500 total points
ID: 36720214
You can accomplish something like this with Apache's mod_rewrite.  If you are on a linux / unix server you are probably using apache, and you probably have mod_rewrite available.  Create or edit a .htaccess file in the root of your site and add  / edit this and then visit something like: http://myserver/AnythingIWantHere
##### SITE REWRITES ######
RewriteEngine on
RewriteRule ^AnythingIWantHere$ /myfolder/thisfile.php [L]

0
 
LVL 15

Author Comment

by:wantabe2
ID: 36891178
@neorush
I am using WAMP on a Windows box....is this still possible?
0
 
LVL 6

Expert Comment

by:neorush
ID: 36892508
Yeah, apache is apache, you just need the rewrite module installed.
0
