[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

PHP Code Question

Posted on 2011-09-28
7
Medium Priority
?
299 Views
Last Modified: 2012-05-12
The attached code works fine. This code basically pulls data from a MySQL database & displays it in a browser. At this time when a user pulls this form up it displays the path to the .php file (URL) in the browser...My question is, is there any way for me to hide the URL or maybe even the tail end of it? For instance, at this time when it is pulled up in a browser it shows http://myserver/myfolder/thisfile.php

Is there any a way for me to add something to the attahced code to hide the thisfile.php at the end of the URL?
 
<html>  
<body bgcolor="#03EBA6"> 
<head>

<?php
include('lock.php');
?>

<body>
<h2>Welcome <?php echo $login_session; ?></h2> 

<b><p><h5><a href="slogout.php">LOG OUT</a> </h5></p>
This area displays employees supervised by John Doe.
</body>

<html>
<head>
<title> PETS</title>
</head>
</html>

<title> PETS</title>
<table>
      <thead>
      <tr>
	   <table border='7'>

<th>First Name</th>
<th>Last Name</th>
<th>6-Month Review Date</th>
<th>Eval Due Date</th>
<th>Eval Due to Emp</th>
<th>Eval Due to the Man</th>
<th>Eval Due to Per Spec</th>
<th>Last Increase Date</th>
<th>Current L/S</th>
<th>Step Promo Due Date</th>
<th>Next L/S</th>
<th>Last Rating</th>
<th>Last Eval Date</th>

      </tr>      
      </thead>
      <tbody>
<?php
require('connection.php');

if (isset($_GET['op']) && $_GET['op'] == "d") 
if($_GET['op'] == "d" && !empty($_GET['id']) )
{
   $query="UPDATE hr_info SET status = '0' WHERE hrid={$_GET['id']}";
   $result = mysql_query($query) or die(mysql_error());  
}

$query="SELECT hrid, f_name, l_name, eval_due_date, SUBDATE( `eval_due_date`, INTERVAL 6 MONTH) as `six_months_prior_date`, ADDDATE( `eval_due_date`, INTERVAL 7 DAY) as `due_2_emp`, ADDDATE( `eval_due_date`, INTERVAL 14 DAY) as `due_2_chf`, ADDDATE( `eval_due_date`, INTERVAL 44 DAY) as `due_2_ps`, gscl, lwlr, wgdd, rating, nls, last_eval_date FROM hr_info WHERE status ='1' AND supervisor = 'john doe' ORDER BY eval_due_date ";
$result = mysql_query($query) or die(mysql_error());  
 
while($row = mysql_fetch_array( $result )) {
?>
       <tr>
           
						<td><?php echo "".$row['f_name']; ?></td>
                        <td><?php echo "".$row['l_name']; ?></td>						
                        <td><?php echo "".$row['six_months_prior_date']; ?></td>
						<td><?php echo "".$row['eval_due_date']; ?></td>
						<td><?php echo "".$row['due_2_emp']; ?></td>
						<td><?php echo "".$row['due_2_chf']; ?></td>
						<td><?php echo "".$row['due_2_ps']; ?></td>
						<td><?php echo "".$row['lwlr']; ?></td>
						<td><?php echo "".$row['gscl']; ?></td>
						<td><?php echo "".$row['wgdd']; ?></td>
						<td><?php echo "".$row['nls']; ?></td>
						<td><?php echo "".$row['rating']; ?></td>
						<td><?php echo "".$row['last_eval_date']; ?></td>
      </tr>
<?php } ?>            
      </tbody>
 
</table>

Open in new window

0
Comment
Question by:wantabe2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 1

Expert Comment

by:RHochstenbach
ID: 36719800
What you could do is using POST instead of GET and then put both the form and the PHP code in the same file.
Example:
<form method="post" action="">
<input name="myname">
</form>

<?php
if(isset($_POST['myname'])) {
$myname = $_POST['myname'];
$find = mysql_query("select * FROM names WHERE name = '$myname'");
}
?>
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 36719901
I am not sure I understand what you are trying to hide, but I can tell you that these lines do not make sense.

if (isset($_GET['op']) && $_GET['op'] == "d")
if($_GET['op'] == "d" && !empty($_GET['id']) )
{
   $query="UPDATE hr_info SET status = '0' WHERE hrid={$_GET['id']}";
   $result = mysql_query($query) or die(mysql_error());  
}

There is never a case when you want to modify the data model on the basis of a GET request; that is a violation of the HTTP protocols.  Consider what would happen if a hacker ran a script that had this:

$id = 0;
while ($id < 1000000)
    $id++;
    file_get_contents("//path/to/your.php?op=d&id=$id");
}

Poof - the script has just clobbered your first million rows.

So if you find that changing to POST is the thing you want, here is another reason to do it!

Best regards, ~Ray
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 36720061
Renaming or rewriting the file name is done by the server.  Nothing you can add to the PHP file to do that.  In addition, line 48 does nothing at all.  I would have thought it would show an error.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 111

Expert Comment

by:Ray Paseur
ID: 36720155
@Dave, I think this is more or less what the author meant near line 48.
if (isset($_GET["op"]))
{
    if ($_GET["op"] == 'd')
    {
        if (!empty($_GET["id"]))
        {
            $id  = mysql_real_escape_string($_GET["id"]);
            $sql = "UPDATE hr_info SET status = '0' WHERE hrid = '$id' LIMIT 1";
            $res = mysql_query($sql) or die(mysql_error());
            $num = mysql_affected_rows($res);
            if (!$num) echo "DID NOT FIND hr_info FOR hrid = $id";
        }
    }
}

Open in new window

0
 
LVL 6

Accepted Solution

by:
neorush earned 2000 total points
ID: 36720214
You can accomplish something like this with Apache's mod_rewrite.  If you are on a linux / unix server you are probably using apache, and you probably have mod_rewrite available.  Create or edit a .htaccess file in the root of your site and add  / edit this and then visit something like: http://myserver/AnythingIWantHere
##### SITE REWRITES ######
RewriteEngine on
RewriteRule ^AnythingIWantHere$ /myfolder/thisfile.php [L]

Open in new window

0
 
LVL 15

Author Comment

by:wantabe2
ID: 36891178
@neorush
I am using WAMP on a Windows box....is this still possible?
0
 
LVL 6

Expert Comment

by:neorush
ID: 36892508
Yeah, apache is apache, you just need the rewrite module installed.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
In this tutorial viewers will learn how to style a corner ribbon overlay for an image using CSS Create a new class by typing ".Ribbon":  Define the class' "display:" as "inline-block": Define its "position:" as "relative": Define its "overflow:" as …
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question