post and php (newbie question)

On 2008-08-16, cp******@gmail.com <cp******@gmail.comwrote:

>
Hi,

Does anyone know if it's possible to post to a page without using a
form? For example, if I want to pass a variable to another page
without using a cookie, is there a way to pass it using post?

Thank you,
Phil

The short answer is no.

However, it might be possible to create some hack using AJAX to
send data specific to the user's system (I don't know what might
be unique) and then dynamically generate the rest of the page
based on that.

This fails spectacularly when JS is disabled, though.

Why not just use cookies?

--
Andrew Poelstra ap*******@wpsoftware.com
To email me, use the above email addresss with .com set to .net

Andrew Poelstra wrote:

On 2008-08-16, cp******@gmail.com <cp******@gmail.comwrote:

>Hi,

Does anyone know if it's possible to post to a page without using a
form? For example, if I want to pass a variable to another page
without using a cookie, is there a way to pass it using post?

Thank you,
Phil

The short answer is no.

However, it might be possible to create some hack using AJAX to
send data specific to the user's system (I don't know what might
be unique) and then dynamically generate the rest of the page
based on that.

This fails spectacularly when JS is disabled, though.

Why not just use cookies?

Why nor just simply enclose it in a form? BTW, what happens with
writing to cookies to pass information if the user has cookies disabled?

cp******@gmail.com wrote:

Hi,

Does anyone know if it's possible to post to a page without using a
form? For example, if I want to pass a variable to another page
without using a cookie, is there a way to pass it using post?

Thank you,
Phil

You can't post to a page. But why not put the variable in the $_SESSION
array? That's what it's there for.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

On 2008-08-16, sheldonlg <sheldonlgwrote:

Andrew Poelstra wrote:

>On 2008-08-16, cp******@gmail.com <cp******@gmail.comwrote:

>>Hi,

Does anyone know if it's possible to post to a page without using a
form? For example, if I want to pass a variable to another page
without using a cookie, is there a way to pass it using post?

Thank you,
Phil

The short answer is no.

However, it might be possible to create some hack using AJAX to
send data specific to the user's system (I don't know what might
be unique) and then dynamically generate the rest of the page
based on that.

This fails spectacularly when JS is disabled, though.

Why not just use cookies?

Why nor just simply enclose it in a form?

Because that would require a form-submission to reach every page.

BTW, what happens with writing to cookies to pass information
if the user has cookies disabled?

I've tried browsing without cookies. Oftentimes it is much faster and
sites are easier to use - and consistent, since they are stateless -
but I can log into very few sites. I don't consider this a fault of
any given site, nor do most users who have the presence-of-mind to
disable cookies.

The only two technically-feasable ways to maintain session data is
through cookies or URL rewriting. The former will not, as you say,
work without cookies, but the latter is fraught with peril.

--
Andrew Poelstra ap*******@wpsoftware.com
To email me, use the above email addresss with .com set to .net

On 2008-08-16, Jerry Stuckle <js*******@attglobal.netwrote:

cp******@gmail.com wrote:

>Hi,

Does anyone know if it's possible to post to a page without using a
form? For example, if I want to pass a variable to another page
without using a cookie, is there a way to pass it using post?

Thank you,
Phil

You can't post to a page. But why not put the variable in the $_SESSION
array? That's what it's there for.

$_SESSION still depends on cookies or URL rewriting behind the scenes to
keep its session data associated with the appropriate user.
--
Andrew Poelstra ap*******@wpsoftware.com
To email me, use the above email addresss with .com set to .net

On Aug 15, 9:53*pm, cplxp...@gmail.com wrote:

Hi,

Does anyone know if it's possible to post to a page without using a
form? *For example, if I want to pass a variable to another page
without using a cookie, is there a way to pass it using post?

Thank you,
Phil

Yes why not it can be done with AJAX

On 2008-08-16, raashid bhatt <ra*********@yahoo.comwrote:

On Aug 15, 9:53*pm, cplxp...@gmail.com wrote:

>Hi,

Does anyone know if it's possible to post to a page without using a
form? *For example, if I want to pass a variable to another page
without using a cookie, is there a way to pass it using post?

Thank you,
Phil

Yes why not it can be done with AJAX

Because AJAX requires javascript, which should never be used for
site-critical functionality.

--
Andrew Poelstra ap*******@wpsoftware.com
To email me, use the above email addresss with .com set to .net

..oO(Andrew)

>On 2008-08-16, Jerry Stuckle <js*******@attglobal.netwrote:

>>
You can't post to a page. But why not put the variable in the $_SESSION
array? That's what it's there for.

$_SESSION still depends on cookies or URL rewriting behind the scenes to
keep its session data associated with the appropriate user.

Sure, but it's the correct way for passing data from one page to another
and in such cases I simply require a session cookie on my sites.

Micha

..oO(raashid bhatt)

>On Aug 15, 9:53*pm, cplxp...@gmail.com wrote:

>Hi,

Does anyone know if it's possible to post to a page without using a
form? *For example, if I want to pass a variable to another page
without using a cookie, is there a way to pass it using post?

Thank you,
Phil

Yes why not it can be done with AJAX

AJAX will cause usability and accessibility problems if not done
properly. And in this case it's definitely the wrong tool.

Micha

Thank you everyone for the replies. I suppose that the best answer is
to use variables in $_SESSION? I am just learning PHP; while I'm
pretty good at C++, I've never done serious web programming before, so
while I had just learned about cookies, I haven't gotten to the
session tutorial yet.

Thanks again for the info. I have a follow-up question, if that's
alright...can anyone recommend a single PHP book that is good for
picking up PHP quickly for web application development that is geared
towards people with a programming background? I have the PHP for
Dummies guide somewhere, but as I recall it wasn't very advanced. I
read somewhere about the Safari books...are they any good?

Thanks again,
Phil

On 2008-08-16, cp******@gmail.com <cp******@gmail.comwrote:

>
Thank you everyone for the replies. I suppose that the best answer is
to use variables in $_SESSION? I am just learning PHP; while I'm
pretty good at C++, I've never done serious web programming before, so
while I had just learned about cookies, I haven't gotten to the
session tutorial yet.

Thanks again for the info. I have a follow-up question, if that's
alright...can anyone recommend a single PHP book that is good for
picking up PHP quickly for web application development that is geared
towards people with a programming background? I have the PHP for
Dummies guide somewhere, but as I recall it wasn't very advanced. I
read somewhere about the Safari books...are they any good?

I learnt a lot from Professional PHP5, ISBN 978-0764572821.

It also had a very useful chapter on session handling.

--
Andrew Poelstra ap*******@wpsoftware.com
To email me, use the above email addresss with .com set to .net

Andrew wrote:

On 2008-08-16, Jerry Stuckle <js*******@attglobal.netwrote:

>cp******@gmail.com wrote:

>>Hi,

Does anyone know if it's possible to post to a page without using a
form? For example, if I want to pass a variable to another page
without using a cookie, is there a way to pass it using post?

Thank you,
Phil

You can't post to a page. But why not put the variable in the $_SESSION
array? That's what it's there for.

$_SESSION still depends on cookies or URL rewriting behind the scenes to
keep its session data associated with the appropriate user.

And anyone who doesn't allow any of that isn't going to be visiting many
websites. Virtually every website (at least the good ones) which use
logins uses sessions in one language or another. And virtually every
site which saves data between pages uses sessions and/or cookies at some
time or another.

If you don't want to use cookies and don't want to use sessions, then
you must either post the data from a form or put in the in the URL.
That's the only way you can pass data between pages.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Michael Fesser wrote:

.oO(Andrew)

>On 2008-08-16, Jerry Stuckle <js*******@attglobal.netwrote:

>>You can't post to a page. But why not put the variable in the $_SESSION
array? That's what it's there for.

$_SESSION still depends on cookies or URL rewriting behind the scenes to
keep its session data associated with the appropriate user.

Sure, but it's the correct way for passing data from one page to another
and in such cases I simply require a session cookie on my sites.

Micha

Its not the 'correct' way. Its 'A' way.

It has its good and bad points like anything else.

..oO(The Natural Philosopher)

>Michael Fesser wrote:

>>
Sure, but it's the correct way for passing data from one page to another
and in such cases I simply require a session cookie on my sites.

Its not the 'correct' way. Its 'A' way.

It has its good and bad points like anything else.

It's the correct way, since the alternatives have much more drawbacks
and security issues.

Micha

Michael Fesser wrote:

.oO(The Natural Philosopher)

>Michael Fesser wrote:

>>Sure, but it's the correct way for passing data from one page to another
and in such cases I simply require a session cookie on my sites.

Its not the 'correct' way. Its 'A' way.

It has its good and bad points like anything else.

It's the correct way, since the alternatives have much more drawbacks
and security issues.

Micha

I agree, Micha - it is much better than any of the other choices.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Michael Fesser wrote:

.oO(The Natural Philosopher)

>Michael Fesser wrote:

>>Sure, but it's the correct way for passing data from one page to another
and in such cases I simply require a session cookie on my sites.

Its not the 'correct' way. Its 'A' way.

It has its good and bad points like anything else.

It's the correct way, since the alternatives have much more drawbacks
and security issues.

Micha

Dont be silly.

All sessions are are a pre-built system to pass a session ID between
browser and driver, using either a URL GET or a cookie.
Which is the only way it CAN be done.

So sessions are nothing special at all. They are as secure or insecure
as any other system using the same basic token passing methods.

The Natural Philosopher wrote:

Michael Fesser wrote:

>.oO(The Natural Philosopher)

>>Michael Fesser wrote:
Sure, but it's the correct way for passing data from one page to
another
and in such cases I simply require a session cookie on my sites.

Its not the 'correct' way. Its 'A' way.

It has its good and bad points like anything else.

It's the correct way, since the alternatives have much more drawbacks
and security issues.

Micha

Dont be silly.

All sessions are are a pre-built system to pass a session ID between
browser and driver, using either a URL GET or a cookie.
Which is the only way it CAN be done.

So sessions are nothing special at all. They are as secure or insecure
as any other system using the same basic token passing methods.

Coming from someone who truly has no idea about site security...

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

..oO(The Natural Philosopher)

>Michael Fesser wrote:

>.oO(The Natural Philosopher)

>>Michael Fesser wrote:
Sure, but it's the correct way for passing data from one page to another
and in such cases I simply require a session cookie on my sites.

Its not the 'correct' way. Its 'A' way.

It has its good and bad points like anything else.

It's the correct way, since the alternatives have much more drawbacks
and security issues.

Micha

Dont be silly.

All sessions are are a pre-built system to pass a session ID between
browser and driver, using either a URL GET or a cookie.

We were talking about how to pass data from one page to another, not
about how to implement a session management.

>So sessions are nothing special at all. They are as secure or insecure
as any other system using the same basic token passing methods.

For the issue this thread is all about sessions are more secure, simply
because the data stored there never leaves the server. All other methods
(cookies, GET, POST) expose the data to the client, which makes it easy
to manipulate and requires validation over and over again on every page
that wants to use it.

Client data can be never be trusted, while the session container can be
considered a secure environment. Hence it's in many cases the preferred
way for keeping data across several HTTP requests.

Micha

Michael Fesser wrote:

.oO(The Natural Philosopher)

>Michael Fesser wrote:

>>.oO(The Natural Philosopher)

Michael Fesser wrote:
Sure, but it's the correct way for passing data from one page to another
and in such cases I simply require a session cookie on my sites.
>
Its not the 'correct' way. Its 'A' way.

It has its good and bad points like anything else.
It's the correct way, since the alternatives have much more drawbacks
and security issues.

Micha

Dont be silly.

All sessions are are a pre-built system to pass a session ID between
browser and driver, using either a URL GET or a cookie.

We were talking about how to pass data from one page to another, not
about how to implement a session management.

>So sessions are nothing special at all. They are as secure or insecure
as any other system using the same basic token passing methods.

For the issue this thread is all about sessions are more secure, simply
because the data stored there never leaves the server. All other methods
(cookies, GET, POST) expose the data to the client, which makes it easy
to manipulate and requires validation over and over again on every page
that wants to use it.

Client data can be never be trusted, while the session container can be
considered a secure environment. Hence it's in many cases the preferred
way for keeping data across several HTTP requests.

Micha

Forget it, Micha. He's one again proving he has no idea what he's
talking about.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

..oO(Jerry Stuckle)

>Forget it, Micha. He's one again proving he has no idea what he's
talking about.

But most^Wmany^Wsome people are able to learn. ;)

Micha

Michael Fesser wrote:

.oO(The Natural Philosopher)

>Michael Fesser wrote:

>>.oO(The Natural Philosopher)

Michael Fesser wrote:
Sure, but it's the correct way for passing data from one page to another
and in such cases I simply require a session cookie on my sites.
>
Its not the 'correct' way. Its 'A' way.

It has its good and bad points like anything else.
It's the correct way, since the alternatives have much more drawbacks
and security issues.

Micha

Dont be silly.

All sessions are are a pre-built system to pass a session ID between
browser and driver, using either a URL GET or a cookie.

We were talking about how to pass data from one page to another, not
about how to implement a session management.

>So sessions are nothing special at all. They are as secure or insecure
as any other system using the same basic token passing methods.

For the issue this thread is all about sessions are more secure, simply
because the data stored there never leaves the server.

That can be the case for any other system that merely passes a session
ID and leaves the data on the server.

>All other methods
(cookies, GET, POST) expose the data to the client, which makes it easy
to manipulate and requires validation over and over again on every page
that wants to use it.

You don't seem to understand tat all a session is, is reducing the data
passed to *ONE* GET POST or cookie.

You cam implement that yourself easily, and probably more securely than
sessions does..by e.g. storing 'session' data in a database.

Intrinsically all sessions are, is a wrapper round a basic GET or
cookie token passing system, and are not more secure than any other way
that might be implemented.

>
Client data can be never be trusted, while the session container can be
considered a secure environment. Hence it's in many cases the preferred
way for keeping data across several HTTP requests.

You may consider it secure if you want. Excuse me if I consider the
possibility that someone else might easily 'steal' a session.

>
Micha

Jerry Stuckle wrote:

Michael Fesser wrote:

>.oO(The Natural Philosopher)

>>Michael Fesser wrote:
.oO(The Natural Philosopher)

Michael Fesser wrote:
>Sure, but it's the correct way for passing data from one page to
>another
>and in such cases I simply require a session cookie on my sites.
>>
Its not the 'correct' way. Its 'A' way.
>
It has its good and bad points like anything else.
It's the correct way, since the alternatives have much more drawbacks
and security issues.

Micha
Dont be silly.

All sessions are are a pre-built system to pass a session ID between
browser and driver, using either a URL GET or a cookie.

We were talking about how to pass data from one page to another, not
about how to implement a session management.

>>So sessions are nothing special at all. They are as secure or
insecure as any other system using the same basic token passing methods.

For the issue this thread is all about sessions are more secure, simply
because the data stored there never leaves the server. All other methods
(cookies, GET, POST) expose the data to the client, which makes it easy
to manipulate and requires validation over and over again on every page
that wants to use it.

Client data can be never be trusted, while the session container can be
considered a secure environment. Hence it's in many cases the preferred
way for keeping data across several HTTP requests.

Micha

Forget it, Micha. He's one again proving he has no idea what he's
talking about.

Reversing the truth may make you feel better Jerry, but it doesn't
change the truth.

Tell me how a session ID is preserved between multiple broswer
connections without using a GET or cookie.

I asked you before, and you failed to answer.

I even posted the PHP manual section where it explicitly states that its
done via a GET or cookie.

The natural conclusion is you either knew you were wrong, or didn't know
the answer at all.

The Natural Philosopher wrote:

Jerry Stuckle wrote:

>Michael Fesser wrote:

>>.oO(The Natural Philosopher)

Michael Fesser wrote:
.oO(The Natural Philosopher)
>
>Michael Fesser wrote:
>>Sure, but it's the correct way for passing data from one page to
>>another
>>and in such cases I simply require a session cookie on my sites.
>>>
>Its not the 'correct' way. Its 'A' way.
>>
>It has its good and bad points like anything else.
It's the correct way, since the alternatives have much more drawbacks
and security issues.
>
Micha
Dont be silly.

All sessions are are a pre-built system to pass a session ID between
browser and driver, using either a URL GET or a cookie.

We were talking about how to pass data from one page to another, not
about how to implement a session management.

So sessions are nothing special at all. They are as secure or
insecure as any other system using the same basic token passing
methods.

For the issue this thread is all about sessions are more secure, simply
because the data stored there never leaves the server. All other methods
(cookies, GET, POST) expose the data to the client, which makes it easy
to manipulate and requires validation over and over again on every page
that wants to use it.

Client data can be never be trusted, while the session container can be
considered a secure environment. Hence it's in many cases the preferred
way for keeping data across several HTTP requests.

Micha

Forget it, Micha. He's one again proving he has no idea what he's
talking about.

Reversing the truth may make you feel better Jerry, but it doesn't
change the truth.

Tell me how a session ID is preserved between multiple broswer
connections without using a GET or cookie.

I asked you before, and you failed to answer.

I even posted the PHP manual section where it explicitly states that its
done via a GET or cookie.

The natural conclusion is you either knew you were wrong, or didn't know
the answer at all.

The "natural conclusion" can only be drawn by a total idiot. Which is
why it doesn't surprise me that you came to it.

I've tried explaining it to you many times before. But either you are
too stoopid to learn, or don't want to learn.

Either way, I'm not going to try to explain it to you any more. It's as
effective as teaching a pig to sing.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

..oO(The Natural Philosopher)

>>All other methods
(cookies, GET, POST) expose the data to the client, which makes it easy
to manipulate and requires validation over and over again on every page
that wants to use it.

You don't seem to understand tat all a session is, is reducing the data
passed to *ONE* GET POST or cookie.

Irrelevant here.

>You cam implement that yourself easily, and probably more securely than
sessions does..by e.g. storing 'session' data in a database.

A simple DB is as secure as a flat file.

>Intrinsically all sessions are, is a wrapper round a basic GET or
cookie token passing system, and are not more secure than any other way
that might be implemented.

They are more secure than passing the same data by GET or POST, as I've
already explained.

>Client data can be never be trusted, while the session container can be
considered a secure environment. Hence it's in many cases the preferred
way for keeping data across several HTTP requests.

You may consider it secure if you want. Excuse me if I consider the
possibility that someone else might easily 'steal' a session.

And what does this have to do with the possibility of manipulating the
actual data? It's the data we're talking about here, nothing else. GET
and POST data is easy to fake, SESSION data is safe. It's that simple.

And stealing a session is not that easy if you do it right.

Micha