Php post data to url
Once the form data has been validated on the client-side, it is okay to submit the form. And, since we covered validation in the previous article, we're ready to submit! This
article looks at what happens when a user submits a form — where does the data go, and how do we handle it when it gets there? We also look at some of the security concerns associated with sending form data. First we'll discuss what happens to the data when a form is submitted. At its most basic, the web uses a client/server architecture that can be summarized as follows: a client (usually a web browser) sends a request to a server (most of the time a web server like Apache,
Nginx, IIS, Tomcat, etc.), using the HTTP protocol. The server answers the request using the same protocol.
An HTML form on a web page is nothing more than a convenient user-friendly way to configure an HTTP request to send data to a server. This enables the user to provide information to be delivered in the HTTP request. On the client side: defining how to send the dataThe
The action attributeThe
In this example, the data is sent to an absolute URL —
Here, we use a relative URL — the data is sent to a different URL on the same origin:
When specified with no attributes, as below, the Note: It's possible to specify a URL that uses the HTTPS (secure HTTP) protocol. When you do this,
the data is encrypted along with the rest of the request, even if the form itself is hosted on an insecure page accessed using HTTP. On the other hand, if the form is hosted on a secure page but you specify an insecure HTTP URL with the The
names and values of the non-file form controls are sent to the server as How the data is sent depends on the
The method attributeThe To understand the difference between those two methods, let's step back and examine how HTTP works. Each time you want to reach a resource on the Web, the browser sends a request to a URL. An HTTP request consists of two parts: a header that contains a set of global metadata about the browser's capabilities, and a body that can contain information necessary for the server to process the specific request. The GET methodThe
Consider the following form:
Since the
The data is appended to the URL as a series of name/value pairs. After the URL web address has ended,
we include a question mark (
The HTTP request looks like this:
The POST methodThe Let's look at an example — this is the same form we looked at in the
When the form is submitted using the
The Viewing HTTP requestsHTTP requests are never displayed to the user (if you want to see them, you need to use tools such as the Firefox Network Monitor or the Chrome Developer Tools). As an example, your form data will be shown as follows in the Chrome Network tab. After submitting the form:
You can then get the form data, as shown in the image below.
The only thing displayed to the user is the URL called. As we mentioned above, with a
On the server side: retrieving the dataWhichever HTTP method you choose, the server receives a string that will be parsed in order to get the data as a list of key/value pairs. The way you access this list depends on the development platform you use and on any specific frameworks you may be using with it. Example: Raw PHPPHP offers some global objects to access the data. Assuming you've used the
This example displays a page with the data we sent. You can see this in action in our example php-example.html file — which contains the same example form as we saw before, with a
Note: This example won't work when you load it into a browser locally — browsers cannot interpret PHP code, so when the form is submitted the browser will just offer to download the PHP file for you. To get it to work, you need to run the example through a PHP server of some kind. Good options for local PHP testing are MAMP (Mac and Windows) and AMPPS (Mac, Windows, Linux). Note also that if you are using MAMP but don't have MAMP Pro installed (or if the MAMP Pro demo time trial has expired), you might have trouble getting it working. To get it working again, we have found that you can load up the MAMP app, then choose the menu options MAMP > Preferences > PHP, and set "Standard Version:" to "7.2.x" (x will differ depending on what version you have installed). Example: PythonThis example shows how you would use Python to do the same thing — display the submitted data on a web page. This uses the Flask framework for rendering the templates, handling the form data submission, etc. (see python-example.py).
The two templates referenced in the above code are as follows (these need to be in a subdirectory called
Note: Again, this code won't work if you just try to load it into a browser directly. Python works a bit differently to PHP — to run this code locally you'll need to install Python/PIP, then install Flask using Other languages and frameworksThere are many other server-side technologies you can use for form handling, including Perl, Java, .Net, Ruby, etc. Just pick the one you like best. That said, it's worth noting that it's very uncommon to use these technologies directly because this can be tricky. It's more common to use one of the many high quality frameworks that make handling forms easier, such as:
It's worth noting that even using these frameworks, working with forms isn't necessarily easy. But it's much easier than trying to write all the functionality yourself from scratch, and will save you a lot of time. Note: It is beyond the scope of this article to teach you any server-side languages or frameworks. The links above will give you some help, should you wish to learn them. A special case: sending filesSending files with HTML forms is a special case. Files are binary data — or considered as such — whereas all other data is text data. Because HTTP is a text protocol, there are special requirements for handling binary data. The enctype attributeThis attribute lets you specify the value of the If you want to send files, you need to take three extra steps:
For example:
Note: Servers can be configured with a size limit for files and HTTP requests in order to prevent abuse. Security issuesEach time you send data to a server, you need to consider security. HTML forms are by far the most common server attack vectors (places where attacks can occur). The problems never come from the HTML forms themselves — they come from how the server handles data. The Website security article of our server-side learning topic discusses a number of common attacks and potential defenses against them in detail. You should go and check that article out, to get an idea of what's possible. Be paranoid: Never trust your usersSo, how do you fight these threats? This is a topic far beyond this guide, but there are a few rules to keep in mind. The most important rule is: never ever trust your users, including yourself; even a trusted user could have been hijacked. All data that comes to your server must be checked and sanitized. Always. No exception.
You should be able to avoid many/most problems if you follow these three rules, but it's always a good idea to get a security review performed by a competent third party. Don't assume that you've seen all the possible problems. SummaryAs we'd alluded to above, sending form data is easy, but securing an application can be tricky. Just remember that a front-end developer is not the one who should define the security model of the data. It's possible to perform client-side form validation, but the server can't trust this validation because it has no way to truly know what has really happened on the client-side. If you've worked your way through these tutorials in order, you now know how to markup and style a form, do client-side validation, and have some idea about submitting a form. See alsoIn this moduleAdvanced TopicsHow post URL in PHP?If you're looking to post data to a URL from PHP code itself (without using an html form) it can be done with curl. It will look like this: $url = 'http://www.someurl.com'; $myvars = 'myvar1=' . $myvar1 .
How do you post data into a URL?To send data using the HTTP POST method, you must include the data in the body of the HTTP POST message and specify the MIME type of the data with a Content-Type header. Below is an example of an HTTP POST request to send JSON data to the server.
How can I pass post parameters in a URL?You could use a button instead of an anchor and just style the button to look like a link. That way you could have your values in hidden fields inside the same form to be sent via POST. In addition to what Ben said, you can also let the link be a dummy and have it execute a javascript that submits a hidden form.
How can we access the data sent through the URL with the POST method in PHP?The data sent by POST method goes through HTTP header so security depends on HTTP protocol. By using Secure HTTP you can make sure that your information is secure. The PHP provides $_POST associative array to access all the sent information using POST method.
|