PHWinfo - Afficher un message - How to shortcut execute php script without filling out form?

11/10/2007, 22h25

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

worktech@gmail.com wrote:
> This is not my website I am dealing with, it is a public site that
> uses a form that has the code above. So why can't I just pass the
> data through the address bar? Is there some security in place that
> might prevent url passing of variables?

The problem arising from this is what could occur when someone bookmarks
or links to a URL with data in them. Every search engine that will find
the link will also execute the script and submit the data.

GET should always be used to _get_ data from a server, POST should always
be used to _modify_ data on a server and HEAD should always be used to
_retrieve headers_ from a server.

> If I can't do that, would writing a script that uses sockets be able
> to accomplish this somehow?

Sure it is. Read up on the HTTP specs. After all, your browser uses
sockets to send the data to the server.

> Or is it somehow not possible without
> using their html form

A HTML form simply describes what data the browser should allow a user to
submit.

- --
Brendan Gillatt
brendan {at} brendangillatt {dot} co {dot} uk
http://www.brendangillatt.co.uk
PGP Key: http://pgp.mit.edu:11371/pks/lookup?...rch=0xBACD7433
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)

iD8DBQFHDpS3kA9dCbrNdDMRAtKaAKCkJj1Tf004ECPugEavPP SIHjTKaACgg/Zf
pJPbJQfMTE9tI2fYG07n3Zo=
=+3CE
-----END PGP SIGNATURE-----

11/10/2007, 22h25	#2
Brendan Gillatt Messages: n/a Hébergeur:	Re: How to shortcut execute php script without filling out form? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 worktech@gmail.com wrote: > This is not my website I am dealing with, it is a public site that > uses a form that has the code above. So why can't I just pass the > data through the address bar? Is there some security in place that > might prevent url passing of variables? The problem arising from this is what could occur when someone bookmarks or links to a URL with data in them. Every search engine that will find the link will also execute the script and submit the data. GET should always be used to _get_ data from a server, POST should always be used to _modify_ data on a server and HEAD should always be used to _retrieve headers_ from a server. > If I can't do that, would writing a script that uses sockets be able > to accomplish this somehow? Sure it is. Read up on the HTTP specs. After all, your browser uses sockets to send the data to the server. > Or is it somehow not possible without > using their html form A HTML form simply describes what data the browser should allow a user to submit. - -- Brendan Gillatt brendan {at} brendangillatt {dot} co {dot} uk http://www.brendangillatt.co.uk PGP Key: http://pgp.mit.edu:11371/pks/lookup?...rch=0xBACD7433 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFHDpS3kA9dCbrNdDMRAtKaAKCkJj1Tf004ECPugEavPP SIHjTKaACgg/Zf pJPbJQfMTE9tI2fYG07n3Zo= =+3CE -----END PGP SIGNATURE-----