473,581 Members | 2,220 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Avoid 'GET' method

Is there a way to make a text link post to a form without passing all
the parameters in the url? The urls tend to get very long and messy. I
often wonder if there is a limit to how long they can get?

Jul 18 '05 #1
24 2840
somebody wrote:
Is there a way to make a text link post
no, you can't make a link *do* anything.
The urls tend to get very long and messy.
How come your addresses are so long?

What are you trying to do?
I often wonder if there is a limit to how long they can get?


no limit imposed by any public specification - in fact the
relevant one, RFC2616, even says it sets no limit - but
perhaps obviously there are implementation-specific limits.

--
Jock
Jul 18 '05 #3
>> Is there a way to make a text link post

no, you can't make a link *do* anything.


Yes, you can, but it's debatable as to whether it's a good idea.
For example, you might have a link labelled 'Delete' next to
a listing for a user on the editusers.php page:
http://my.domain.com/admin/editusers...te&userid=7362
and clicking on it deletes the user in question. (Obviously some kind
of authentication is in use for this, and maybe it takes you to a
confirmation page).

I'd be interested in someone's idea for a solution to the general
problem: you have a table with possibly hundreds or thousands of
lines in it. You want to have several clickable things on *each
line* that do stuff to the item (say, a DNS record) in question
(edit, delete, disable, enable, whatever). I've been using GET
with links that have a mode variable and some kind of id variable.
Disadvantages: running linkchecker on this destroys the database,
given that it effectively clicks on every delete button.

I've considered using PUT with forms with hidden fields instead.
Disadvantages: (a) the submit buttons tend to be too darn big,
making viewing enough of the table at one time impossible, and (b)
browsers tend to run out of memory much faster with a thousand forms
rather than a thousand links, and (c) a page with lots of forms is
a lot longer in HTML than a page with lots of links, making load
times noticible.

Gordon L. Burditt
Jul 18 '05 #4
Have you tried using hidden fields in a single form? You can use
JavaScript's onclick method to set your hidden fields based on the link you
click, and then to submit the form using formname.submit (); - your form can
the use the POST method. You can use the onsubmit=return confirm('are you
sure you want to delete'); to make sure a link checker never gets to delete
anything... it's also a good idea to have a JavaScript confirmation for your
users as they may not want to delete. Remember, of course, that this does
not stop anyone from deleting records with malicious intent - they can
submit a form from any other web site that is identical to yours - so you
will need an additional verification (login with cookies/session, etc).

ECRIA
http://www.ecria.com
Jul 18 '05 #5
Gordon Burditt wrote:
[John Dunlop wrote:]
no, you can't make a link *do* anything.


Yes, you can,


yes, the resource the link identifies can do something, but
the link itself can't. that's what I meant; sorry for any
confusion.

--
Jock
Jul 18 '05 #6
>Have you tried using hidden fields in a single form?

I don't see how to do that, as the value of the hidden field has to
identify which record is to be affected.
You can use
JavaScript's onclick method to set your hidden fields based on the link you
click, and then to submit the form using formname.submit (); - your form can
the use the POST method. You can use the onsubmit=return confirm('are you
sure you want to delete'); to make sure a link checker never gets to delete
anything... it's also a good idea to have a JavaScript confirmation for your
users as they may not want to delete.
JavaScript is Turned Off(tm) until someone comes up with a browser
that can have JavaScript selectively enabled by as sophisticated a
filter as Firefox has for cookies (enable for JavaScript from
specific hosts ONLY). And even then I'd have a hard time getting
it accepted by the admins in question. It manages to lock up
browsers too often, and having to remember to turn it off after
"temporaril y" enabling it is a problem. Admins sometimes have to
investigate SPAM complaints, and this may lead them to follow links
in SPAM with malicious JavaScript (the most obnoxious that aren't
coupled with viruses are the ones that open two windows when you
close one).

Forms like this are for use by people who are supposed to know what
they are doing. Altering raw DNS records is not for the casual
user. Also, re-entering a single accidentally-deleted DNS record
does not require a lot of typing to re-enter. And there is a history
log of changes.

Other uses of pages like this are for personal applications like a
To Do list, which only one person will be using, me. One click to
mark something done. No confirmation. But the record isn't deleted,
so undoing the change is possible (but not as convenient). I have
yet to need to do that yet.
Remember, of course, that this does
not stop anyone from deleting records with malicious intent - they can
submit a form from any other web site that is identical to yours - so you
will need an additional verification (login with cookies/session, etc).


There's already .htaccess requiring passwords *AND* a very limited
set of IP addresses that it can be used from on the whole virtualhost.
The malicious intent problem is basically solved by firing anyone
found to be doing anything malicious, and keeping good backups.

Gordon L. Burditt
Jul 18 '05 #7

<el************ *@yahoo.com> wrote in message
news:11******** **************@ g47g2000cwa.goo glegroups.com.. .
Is there a way to make a text link post to a form without passing all
the parameters in the url? The urls tend to get very long and messy. I
often wonder if there is a limit to how long they can get?


How about setting all those variable in an array:

$theArray = array();
$theArray['item1'] = "item1 value";
etc.
$_SESSION['theArray'] = $theArray;

Then in the receiving page:
$theArray = $_SESSION['theArray'] ;
and then use
$theArray['item1'], etc.

If they weren't set then the value is NULL.

BTW, this works for me.

Shelly
Jul 18 '05 #8
el************* @yahoo.com wrote:
: Is there a way to make a text link post to a form without passing all
: the parameters in the url? The urls tend to get very long and messy. I
: often wonder if there is a limit to how long they can get?

One possible technique

Use sessions.

Create a session for a user.

When you generate the table with all the links, save the details of each
link as part of the session, and index the details via an id, and use that
id in the link instead of the details.

<a href="mysite.co m/myscript.php?th e-id=A57">click here</a>


--

This space not for rent.
Jul 18 '05 #9
go***********@b urditt.org (Gordon Burditt) wrote:
I'd be interested in someone's idea for a solution to the general
problem: you have a table with possibly hundreds or thousands of
lines in it.


$button_n = 0;

function Button($text, $action)
{
global $button_n;
echo "<input type=submit name=button_", $button_n, " value=$text>";
echo "<input type=hidden name=action_", $button_n, " value=",
base64encode( serialize( $action ) ), ">";
/* optional: add an hidden field with the MAC of the serialized
$action, to be checked later on submit */
$button_n++;
}

/* Generate the form: */

for( every row of the table ){
echo "<form ...>";
echo "...the record...";
Button("Edit", array( "op" => EDIT, "record" => 1234 ));
Button("Remove" , array( "op" => REMOVE, "record" => 1234 ));
/* ...and so on for every button */
echo "</form>";
}

.....

/* Handle the POST: */

$n = examine $_POST looking for the number of the parameter
named "^button_[0-9]+$";
$action = unserialize( base64decode( $_POST['action_' . $n] ) );
-- do the action given by $action

Hint: all those hidden fields may conveniently be stored in the user session.
Hint 2: the "$action" may contain the name and the arguments of a function
to call, so that with Button() we set a "call-back". In this case, better
to use the session, or the MAC is mandatory to prevent tampering.

Regards,
___
/_|_\ Umberto Salsi
\/_\/ www.icosaedro.it

Jul 19 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
1582
by: mic | last post by:
I've spent last hour trying to debug my code, when I found out that instead of executing object's method I accidentaly overridden it with variable (see below example). My stupid! But as the system becomes more complex, I begun to wonder how to avoid such situations in the future. Does anybody have some experiences about that? Simple...
12
2137
by: Stephen Ferg | last post by:
I've just spent several very frustrating hours tracking down a bug in one of my programs. The problem was that I was writing text to a file, and when I was done I coded f.close when I should have been coding f.close()
0
1099
by: Erick | last post by:
Hi, Does any one know how to avoid to register of the event log source by the TransactedInstaller object? I have a service which have some code into the main method to self-register base on the paramenter. Im using the TransactedInstaller class to do this. In order to know the output from the installation I call the installation as this...
12
4412
by: Steve Jorgensen | last post by:
Since reading values from calculated controls in Access 2000 and 2002 from code has proven unrliable at best, and since I like to avoid running separate queries to calculate sums of subform records since they can give inconsistent results if there's more than on interface or user with access to the table, I wrote code to loop through a...
1
1518
by: Jack Addington | last post by:
1) I have created a visual control that relies on a logic class to do much of its work. 2) The logic class will be assigned on the form through a register method. 3) I have a public property for accessing the control defined. 4) To avoid other people calling the control before it is initialized I throw an ArgumentNullException in the...
19
2877
by: Charles Law | last post by:
Take a solution with a project hierarchy along the lines of an n-tier system, so that we have a data layer, business layer and presentation layer. The presentation layer is coupled to the business layer, and the business layer is coupled to the data layer. So far so good. Suppose the data layer raises an event, and it passes Me (the sender)...
0
3125
by: VeeraLakshmi | last post by:
I am doing a project for internet control using Java,PHP and MySql.All sites should go through the proxy server only.We are giving access rights as allow or deny to the sites.If we type the url,first it will ask for authentication.After giving username and password,the authentication will be confirmed and if the site has access right as...
15
3045
by: Lloyd Dupont | last post by:
I have some code which looks like that: public CornerStyle RectCornerMode { get { return this.GetValue<CornerStyle>(); } set { this.SetValue<CornerStyle>(value); } }
11
53095
Niheel
by: Niheel | last post by:
http://bytes.com/images/howtos/information_overloaded.jpgPaul Graham wrote an interesting article a few months back about how the internet is leading to information overload for information workers of today. He is not alone in his thinking. Similarly, In July of 2008 IBM, Intel, Microsoft and Xerox announced that they were joining forces with...
0
7868
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
8149
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
1
7899
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
8175
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
6553
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
0
5364
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3827
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1403
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
0
1138
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.