Status
Not open for further replies.

NewBiee
Hi, I've recently been having problems using GET because it shows a lot of vulnerabilities. What I need now is how to work around this sample code:

PHP:
<?php header("refresh:2;url=client_view.php?un=$un"); ?>

So basically, it refreshes to the URL xxx/client_view.php?un=$un
so I'm getting the value of $un using the GET method. Because of this, there would be a lot of vulnerabilities.

How do I send $un to client_view.php using POST instead of GET? Also, I don't want it to have a button to submit it.
 
2 comments
Hi,
You can use cURL to send data via POST from PHP to a URL, and then get the response.
You can find details about cURL on the net.
Or, you can add the value of $un to a SESSION; then, in client_view.php, you get that value from the SESSION.
 
Both POST and GET have the same amount of vulnerabilities ... it's just that POST requires TamperData or a URLSnooper addon to change the POST'd data.

Anyway, you cannot 'refresh' or 'location' via PHP headers to POST data .. you'd have to use an HTML form with the method set to POST and use JavaScript to autosubmit it (as I assume you want to autosubmit it since your PHP script is refreshing).

Edit: like marplo suggested, the best way to make it not vulnerable is to store the GET into a SESSION instead, so it's not visible / tamperable by the front-end user (since it'd be handled server-side).

POST is user-side just like GET - so SESSION would be your best solution.
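
The session approach suggested in the replies above, as an added example that is not code from any poster in this thread. The helper names (`start_client_session`, `remember_client_and_redirect`, `current_client`) and the session key `un` are hypothetical; the cookie options assume PHP 7.3 or later.

```php
<?php
// Added example: hypothetical helpers shared by the redirecting page
// and client_view.php (e.g. kept in a common include file).
declare(strict_types=1);

function start_client_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start([
            'cookie_httponly' => true,  // session cookie not readable from JavaScript
            'cookie_samesite' => 'Lax', // not sent on cross-site sub-requests
            'use_strict_mode' => true,  // reject session IDs the server did not issue
            // 'cookie_secure' => true, // enable when the site is served over HTTPS
        ]);
    }
}

// Redirecting page: keep $un on the server and send the browser a URL
// that carries no parameter the user could edit.
function remember_client_and_redirect(string $un): void
{
    start_client_session();
    $_SESSION['un'] = $un;
    header('Refresh: 2; url=client_view.php');
    exit;
}

// client_view.php: read the value back from the session, never from
// $_GET or $_POST. Returns null when nothing was stored.
function current_client(): ?string
{
    start_client_session();
    $un = $_SESSION['un'] ?? null;
    return (is_string($un) && $un !== '') ? $un : null;
}

// Usage in client_view.php:
//   $un = current_client();
//   if ($un === null) { http_response_code(403); exit('No client selected.'); }
//   echo htmlspecialchars($un, ENT_QUOTES, 'UTF-8'); // escape on output
```

The session only protects `$un` if the value stored in it came from server-side data, such as the authenticated login; copying a request parameter into the session just moves the tamperable input one step earlier.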
 