SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    PHP Otaku Gibb's Avatar
    Join Date
    Jul 2004
    Location
    Texas
    Posts
    454
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Request.Params, getting only POST values?

    I'm a PHP programmer primarily, and I'm used to passing form values via POST and retrieving them using the $_POST array. I've recently been working on a .NET VB web application and a friend of mine said he can use a web scraping tool on my site. I'm passing variables using POST in my code, so it boggled my mind that he could scrape my site using GET values thrown into the URL field. Apparently the Request.Params array doesn't distinguish between POST and GET, unless I'm just mistaken.

    Is there anyway to only retrieve POST values in .NET VB to protect my site from web scraping?

  2. #2
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,653
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Try Request.Form, it has the post variables.

  3. #3
    PHP Otaku Gibb's Avatar
    Join Date
    Jul 2004
    Location
    Texas
    Posts
    454
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by wwb_99 View Post
    Try Request.Form, it has the post variables.
    Doesn't Request.Form also contain GET values?

    I'm trying to prevent web scraping via URL passed values.

  4. #4
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,653
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    No, Request.Form is equivalent to $_POST.

    Now, if someone figures out you are just looking at POST, they could probably scrape the site anyhow with CURL or other similar tools.

  5. #5
    PHP Otaku Gibb's Avatar
    Join Date
    Jul 2004
    Location
    Texas
    Posts
    454
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by wwb_99 View Post
    No, Request.Form is equivalent to $_POST.

    Now, if someone figures out you are just looking at POST, they could probably scrape the site anyhow with CURL or other similar tools.
    Great, thanks.

    I plan on implementing other safe guards to prevent scraping as well, such as monitoring large numbers of page views within a set time and so forth, but hopefully I'll cut back on some web scraping using Request.Form.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •