?
Solved

PHP Code Question

Posted on 2011-09-28
7
Medium Priority
?
294 Views
Last Modified: 2012-05-12
The attached code works fine. This code basically pulls data from a MySQL database & displays it in a browser. At this time when a user pulls this form up it displays the path to the .php file (URL) in the browser...My question is, is there any way for me to hide the URL or maybe even the tail end of it? For instance, at this time when it is pulled up in a browser it shows http://myserver/myfolder/thisfile.php

Is there any a way for me to add something to the attahced code to hide the thisfile.php at the end of the URL?
 
<html>  
<body bgcolor="#03EBA6"> 
<head>

<?php
include('lock.php');
?>

<body>
<h2>Welcome <?php echo $login_session; ?></h2> 

<b><p><h5><a href="slogout.php">LOG OUT</a> </h5></p>
This area displays employees supervised by John Doe.
</body>

<html>
<head>
<title> PETS</title>
</head>
</html>

<title> PETS</title>
<table>
      <thead>
      <tr>
	   <table border='7'>

<th>First Name</th>
<th>Last Name</th>
<th>6-Month Review Date</th>
<th>Eval Due Date</th>
<th>Eval Due to Emp</th>
<th>Eval Due to the Man</th>
<th>Eval Due to Per Spec</th>
<th>Last Increase Date</th>
<th>Current L/S</th>
<th>Step Promo Due Date</th>
<th>Next L/S</th>
<th>Last Rating</th>
<th>Last Eval Date</th>

      </tr>      
      </thead>
      <tbody>
<?php
require('connection.php');

if (isset($_GET['op']) && $_GET['op'] == "d") 
if($_GET['op'] == "d" && !empty($_GET['id']) )
{
   $query="UPDATE hr_info SET status = '0' WHERE hrid={$_GET['id']}";
   $result = mysql_query($query) or die(mysql_error());  
}

$query="SELECT hrid, f_name, l_name, eval_due_date, SUBDATE( `eval_due_date`, INTERVAL 6 MONTH) as `six_months_prior_date`, ADDDATE( `eval_due_date`, INTERVAL 7 DAY) as `due_2_emp`, ADDDATE( `eval_due_date`, INTERVAL 14 DAY) as `due_2_chf`, ADDDATE( `eval_due_date`, INTERVAL 44 DAY) as `due_2_ps`, gscl, lwlr, wgdd, rating, nls, last_eval_date FROM hr_info WHERE status ='1' AND supervisor = 'john doe' ORDER BY eval_due_date ";
$result = mysql_query($query) or die(mysql_error());  
 
while($row = mysql_fetch_array( $result )) {
?>
       <tr>
           
						<td><?php echo "".$row['f_name']; ?></td>
                        <td><?php echo "".$row['l_name']; ?></td>						
                        <td><?php echo "".$row['six_months_prior_date']; ?></td>
						<td><?php echo "".$row['eval_due_date']; ?></td>
						<td><?php echo "".$row['due_2_emp']; ?></td>
						<td><?php echo "".$row['due_2_chf']; ?></td>
						<td><?php echo "".$row['due_2_ps']; ?></td>
						<td><?php echo "".$row['lwlr']; ?></td>
						<td><?php echo "".$row['gscl']; ?></td>
						<td><?php echo "".$row['wgdd']; ?></td>
						<td><?php echo "".$row['nls']; ?></td>
						<td><?php echo "".$row['rating']; ?></td>
						<td><?php echo "".$row['last_eval_date']; ?></td>
      </tr>
<?php } ?>            
      </tbody>
 
</table>

Open in new window

0
Comment
Question by:wantabe2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 1

Expert Comment

by:RHochstenbach
ID: 36719800
What you could do is using POST instead of GET and then put both the form and the PHP code in the same file.
Example:
<form method="post" action="">
<input name="myname">
</form>

<?php
if(isset($_POST['myname'])) {
$myname = $_POST['myname'];
$find = mysql_query("select * FROM names WHERE name = '$myname'");
}
?>
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 36719901
I am not sure I understand what you are trying to hide, but I can tell you that these lines do not make sense.

if (isset($_GET['op']) && $_GET['op'] == "d")
if($_GET['op'] == "d" && !empty($_GET['id']) )
{
   $query="UPDATE hr_info SET status = '0' WHERE hrid={$_GET['id']}";
   $result = mysql_query($query) or die(mysql_error());  
}

There is never a case when you want to modify the data model on the basis of a GET request; that is a violation of the HTTP protocols.  Consider what would happen if a hacker ran a script that had this:

$id = 0;
while ($id < 1000000)
    $id++;
    file_get_contents("//path/to/your.php?op=d&id=$id");
}

Poof - the script has just clobbered your first million rows.

So if you find that changing to POST is the thing you want, here is another reason to do it!

Best regards, ~Ray
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 36720061
Renaming or rewriting the file name is done by the server.  Nothing you can add to the PHP file to do that.  In addition, line 48 does nothing at all.  I would have thought it would show an error.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 111

Expert Comment

by:Ray Paseur
ID: 36720155
@Dave, I think this is more or less what the author meant near line 48.
if (isset($_GET["op"]))
{
    if ($_GET["op"] == 'd')
    {
        if (!empty($_GET["id"]))
        {
            $id  = mysql_real_escape_string($_GET["id"]);
            $sql = "UPDATE hr_info SET status = '0' WHERE hrid = '$id' LIMIT 1";
            $res = mysql_query($sql) or die(mysql_error());
            $num = mysql_affected_rows($res);
            if (!$num) echo "DID NOT FIND hr_info FOR hrid = $id";
        }
    }
}

Open in new window

0
 
LVL 6

Accepted Solution

by:
neorush earned 2000 total points
ID: 36720214
You can accomplish something like this with Apache's mod_rewrite.  If you are on a linux / unix server you are probably using apache, and you probably have mod_rewrite available.  Create or edit a .htaccess file in the root of your site and add  / edit this and then visit something like: http://myserver/AnythingIWantHere
##### SITE REWRITES ######
RewriteEngine on
RewriteRule ^AnythingIWantHere$ /myfolder/thisfile.php [L]

Open in new window

0
 
LVL 15

Author Comment

by:wantabe2
ID: 36891178
@neorush
I am using WAMP on a Windows box....is this still possible?
0
 
LVL 6

Expert Comment

by:neorush
ID: 36892508
Yeah, apache is apache, you just need the rewrite module installed.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question