Page 1 of 1

How does one make an anchor, <a>, perform POST?

Posted: Sun Mar 07, 2010 8:56 pm
by JackD
With the following function:

Code: Select all

 
function make_links($Page, $keywords)
{ for($i=$Page; $i<=10; ++$i)
   { $find = urlencode($keywords);
     $href = "&nbsp;<a href=" . "atest.php?Page=$i&KWs=" . $find .  ">" . $i . "</a>";
     echo $href;
   }
}
how can I change it so it performs a POST instead of GET? Everything I have seen indicates POST is safer from hacking than GET, so I have been trying to use POST everywhere but I cannot get the above to do a POST.

Thanks

Re: How does one make an anchor, <a>, perform POST?

Posted: Sun Mar 07, 2010 9:10 pm
by michaeru
I think you can not POST data using anchors.
Well, I just started, but what I do is use URL Queries, process the query, then clear the URL Query as fast as possible, so users wont see that a URL Query is sent, except on the status bar.

And I revised your function a little:

Code: Select all

 
<?php
  function make_links($page, $keywords) {
    for($i = $page; $i <= 10; ++$i) {
      $find = urlencode($keywords);
?>
 
<a href="atest.php?page=<?=$i; ?>&kws=<?=$find; ?>"><?=$i; ?></a>
 
<?php
    }
  }
?>
 
I heard that its better not to echo HTML tags.

Re: How does one make an anchor, <a>, perform POST?

Posted: Sun Mar 07, 2010 9:21 pm
by JackD
Thanks... what are the <? ?> tags? I haven't seen those before. Do those replace quotes and double quotes?

Re: How does one make an anchor, <a>, perform POST?

Posted: Sun Mar 07, 2010 9:31 pm
by Weirdan
JackD wrote:Everything I have seen indicates POST is safer from hacking than GET
It's not true (unless you define 'hacking' in a very specific way like leaking data from GET requests (via Referer header) when user navigates to an external site by clicking a link on your site).
JackD wrote:so I have been trying to use POST everywhere but I cannot get the above to do a POST.
It's very bad for your search ratings. Search engine crawlers do not post anything and therefore cannot index responses to POST requests.

You shouldn't be making decision between post and get basing on some perceived security, but rather on their semantics: POST requests do something on the server (like sending a message, creating a record in the database, updating existing records, etc), GET requests retrieve something from server (like showing product information, getting a list of recent news, downloading a file, etc).

Re: How does one make an anchor, <a>, perform POST?

Posted: Sun Mar 07, 2010 9:44 pm
by JackD
What kinds of things do web crawlers be sending to a page, how would we recognize it, and how should we respond? Is there documentation somewhere that describes this interaction?

Thanks

Re: How does one make an anchor, <a>, perform POST?

Posted: Sun Mar 07, 2010 9:57 pm
by Weirdan
JackD wrote:What kinds of things do web crawlers be sending to a page
GET requests. Basically they:
  1. request a page
  2. process it (extract search keywords for example)
  3. then for all links on the page do the same starting from p1.
how would we recognize it, and how should we respond?
You shouldn't be doing this. Treat them like any other visitor. In fact, some (Google does that) would penalize you if you feed them different content from what you show to humans.

You're missing the point though. Re-read the last sentence of my previous post.

Re: How does one make an anchor, <a>, perform POST?

Posted: Sun Mar 07, 2010 10:01 pm
by flying_circus
JackD wrote:What kinds of things do web crawlers be sending to a page,
Typically valid page requests, but this shouldnt make any difference. Your web application should be able to handle anything thrown at it.

JackD wrote:how would we recognize it,
I favor a whitelist approach. If you have have a request variable that is used for navigation (example: http://www.example.org?navigation=products_page) check for the existence of the navigation key and if it exists, check the value against a list of valid actions. Disregard any key/values that you do not expect.

JackD wrote:and how should we respond?
If the key/value is not valid, disregard it or display a generic page, such as your home page or a 404 error page.

Re: How does one make an anchor, <a>, perform POST?

Posted: Mon Mar 08, 2010 4:13 am
by michaeru
<?='hello world' ?>

is equal to

<?php echo 'hello world'; ?>

Re: How does one make an anchor, <a>, perform POST?

Posted: Mon Mar 08, 2010 3:30 pm
by AbraCadaver
michaeru wrote:<?='hello world' ?>

is equal to

<?php echo 'hello world'; ?>
Don't teach anyone this. It only works if short_open_tag = On, and it is now off by default. This is not portable.

Re: How does one make an anchor, <a>, perform POST?

Posted: Mon Mar 08, 2010 7:59 pm
by Weirdan
AbraCadaver wrote:This is not portable.
Not everyone needs to care about portability. And I really hope this unwise decision to disable short_open_tag (or even having this ini knob in the first place) will get reverted with the release of PHP6.

Re: How does one make an anchor, <a>, perform POST?

Posted: Mon Mar 08, 2010 10:24 pm
by AbraCadaver
Weirdan wrote:
AbraCadaver wrote:This is not portable.
Not everyone needs to care about portability. And I really hope this unwise decision to disable short_open_tag (or even having this ini knob in the first place) will get reverted with the release of PHP6.
I don't care either way whether it is off or on by default, or removed soon. It's similar in some respects to register_globals, magic_quotes, etc. If it will be off in most installs, and removed in the near future, then why teach it to PHP beginners? How many posts have you seen that someone tries code and they don't get the result of the executed code but the code itself displayed, all due to this issue? Those writing enterprise applications that don't have to worry about portability or whether their host will change a setting already understand these things.