SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Addict o~~Goatee~~o's Avatar
    Join Date
    Jan 2004
    Location
    North Yorkshire UK
    Posts
    350
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    POSTing data without having it in a form field

    Hi there

    I have a form that must POST data to a another server. Some of the data that is POSTed is read from a database and is placed in some hidden fields. Also, some of this data is sensitive so I really don't want to place it in a hidden form field as then it would be viewable in the html source code. So, is it at all possible to POST the sensitive data without having it viewable in the html?

    Many thanks

  2. #2
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,175
    Mentioned
    191 Post(s)
    Tagged
    2 Thread(s)

    POST visibility

    I think it's always potentially visible. The secret is to encrypt it so no one knows what it is. You may want to look into HTTPS SSL

  3. #3
    SitePoint Addict o~~Goatee~~o's Avatar
    Join Date
    Jan 2004
    Location
    North Yorkshire UK
    Posts
    350
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi. Yeah, the website will be running securely with SSL. But the problem is that if a user is logged in and they look at the source code on the page with the form then they will be able to view the sensitive info. That in itself isn't a problem, but if that users account is accessed by someone else then its important that they don't see the info.

    Thanks

  4. #4
    SitePoint Member
    Join Date
    Mar 2006
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i think what he menas is encrypt it before it gets to the client so basically:

    *pull from DB*

    *encrypt*

    ----------visible to user-------
    put in hidden field

    POST

    ------/visible to user--------

    *decrypt*

    *do what u want with data*

    and the script to the user would just look like

    <input type="hidden" value="021as15165121ds5165rthtrh51651sdf5151rg">

    (that would be the encrypted data)

    i hope you get what i mean - if that is what you wanted?

    --edit--

    or fo rthat matter, why should the data even be shown to the client how about just not putting it in a form, just move it via php?

    what is it you want to do exactly?

  5. #5
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    if you want to post data to another server, php can do this using its socket functions. the user will never see the data.

    the curl library is handy for this

    www.php.net/curl

    there is also a package from PEAR for this
    http://pear.php.net/package/HTTP_Request/

    i beleive the pear one comes with an example of how to do it, but either of those can be googled for tutorials.

  6. #6
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Snoopy, the web client class for PHP - old but good! Snoopy makes doing things like logging in to remote sites and posting forms or retrieving data easy.

  7. #7
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ah yeah i was trying to think of the name but couldnt snoopy is a nice one as well, and i like the name lol


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •