[vox-tech] Question about php settings and passing form data

ME vox-tech@lists.lugod.org
Tue, 4 Feb 2003 22:58:17 -0800 (PST) 

Troy Arnold said:
> On Tue, Feb 04, 2003 at 06:06:49PM -0800, ME wrote:
>> Hello,
>>
>> I want to use a php redirector
>> header('Location: http://website.nofun/redirect.....)
>> and I want to pass to the page ref-ed in the URI a number of FORM
>> variables.
>>
>> However, I am meeting with little luck on this.
>>
>> If I encode the variables as part of the URL with "&" as a separator, I
>> dcan get the form data and variables that store them (names) to pass
>> through to the page.
>
> Clarifying, you *can* get the above to work as it should?

Yes, the above is a method for passing form data within the URL. Of course
this is undesirable for things like passwords, and authentication strings.
Cookies might be better, but that assumes the form can me set to use them,
and I dont have access to modify that.

>> However, use of
>> $_SESSION["var_name"] = "var value";
>> Does not pass the variable or data, and use of
>> session_register('variable_name');
>> is also proving fruitless. (I only used one or the other (_SESSION vs
>> session_register()) not both.)
>>
>> I expect this should work, but cannot find mention of setting for
>> controlling this. (I even tried avoiding the appearance int he URL by
>> encoding a \r\nvarname:%20var%20value\r\n to fool the client into
>> passing
>> the URL with header data separate. No go.
>>
>> Suggestions on what config settings should be examined within php to
>> ensure that form data can be passed as it should, in the HTTP header
>> with
>> PHP 4.3.0?
>
> Session data in PHP is not passed as part of the HTTP request.  By
> default sessions are stored in whatever container your session handler
> provides (like a database, for example).  The default session handler
> stores the session as a flat file in /tmp, unless you're smart/paranoid
> and have changed the value for session.save_path.  What *is* passed is
> the session id, via either GET, POST or cookies.
>
> To see if the sessid is geting passed through your redirect, try:
> echo session_id();
> Make sure it's the same on the page before the redirect and on the page
> after.

I set up a script that prints *all* form data passed through to it, and am
using this script to print all of the data.

I have restrictions on what I can do. I can customize the redirect pace in
php as much as I wish, but I cannot alter the redirect page that is the
destination.

Use of the variable assignment encoded within the url and separated with
the "&" *does* work. I have verified that this method does get the form
variables passed with the names I specify and the values they are
assigned. This tells me that it will work once the form data arrives on
the form with the same value.

An ideal solution would be a complement to the header directive that
permits me to encode arbitrary header information. If I had access to
this, then I could manually encode the form data through header data, or
perhaps a way to force certain data to pass as html FORM data. However, it
seems many of the low-level controls that I am familiar with using are not
there. Certainly, many of the more complex things seem easier to code for
the web in php, but the control with respect to granularity is missing as
a cost of this easy to use, productive environment.

Thanks,
-ME

> Also, the php function phpinfo() can be useful for debugging.
>
> Did I understand your problem correctly?  If not, please clarify.

I'll play with phpinfo() to see if it offers me more than my present
solution. (My present form data printer has been tested with PERL form
posts, shell scripts, C, and simple html form posting of data, so I am
very certain all data is being printed, and this re-enforces the
experience I have where form data makes it with url encoded but not with
other tested methods and the header redirective of php.)

-ME



--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
  Campus IT(/OS Security): Operating Systems Support Specialist Assistant