Possible to make a variable "POST" even if not actually submitted by browser?


Is it possible to create a variable that uses the special “POST” value even if it was not actually submitted by the browser?

For example…

I have a form_processing.php script that is already created and working. It adds some values to a database based on a webpage form that is submitted. The script uses $_POST for all the “incoming” values, like this:

if ($_POST['message'] == "whatever") { //insert into database }

What I would like to do is “call” this form_processing script from another script that runs by email piping, so that the form_processing.php script can run from an email instead of a webpage form.

So for example, in my email piping script (executed when an email is received), I have something like this:

 //parse the email and extract $subject and $message

$_POST['message'] = $message;
$_POST['subject'] = $subject;

//Now "call" the form_processing.php script.

Will that work? Will the “form_processing.php” script behave as if it is receiving the $_POST values from a browser?

(I have tested, but can’t seem to get this working, so I wanted to ask before I spend more time trying to figure it out…)


Yes, you can create the $_POST array manually if you want.

You handler might look something like this:


// look for evidence that a mandatory field has been filled in and submitted
// as a post var

if( !isset($_POST['subject'])){

// $message has got to come from somewhere else
// the re-assign it so that it becomes part of the 
// $_POST array

$_POST['message'] = $message;
$_POST['subject'] = $subject;


// continue as normal, accessing a single array 
// of $_POST vars

echo $_POST['subject'] . ' - ' . $_POST['message'];

You can. You shouldn’t but you can. The input arrays should, in theory, be read only attributes. In practice they do get written to, especially when fighting balls of mud code. I’m presuming this form_processing block of code is already written and debugged and you just don’t want to tamper with it, so that’s fine - if you are in a hurry. If you have the time you need to separate the form processing logic (reading $_POST ) from the actual database writing mechanism. Then you can create your own data and bypass the form filtering step.

Exactly. The form_processing.php script is a “black box” that I am not able to modify or even see because it’s encrypted… I know it accepts $_POST variables since I can view the HTML form. :slight_smile:

So I’m basically wanting to “run” the form_processing.php script directly via email piping instead of manually from a webpage submission.