[Javascript] Prepacking the HTTP_POST array from JavaScript

Chris Tifer christ at saeweb.com
Tue Aug 26 13:33:18 CDT 2003 

I'm pretty sure that's how it all works. If you have parameters appended,
such as:
?var1=val1&var2=val2 but declare the form as being posted, those values
will post, not show in the querystring of the URL. I guess I should go test
to
find out, but I'm lazy :)

Chris Tifer
http://emailajoke.com

----- Original Message ----- 
From: "David Lovering" <dlovering at gazos.com>
To: "[JavaScript List]" <javascript at LaTech.edu>
Sent: Tuesday, August 26, 2003 2:02 PM
Subject: Re: [Javascript] Prepacking the HTTP_POST array from JavaScript


> Thanks for the suggestion -- I did, and the variables were there (just not
> listed under the HTTP_POST_VARS array).  What is strange is that even
though
> they did appear under the HTTP_GET_VARS array, their values did not appear
> embedded in the URL stream (as is customary for a 'GET').  In other words,
> the GET submission was transmitted using the same mechanism as the POST,
but
> arrived in its usual containers at the other end.  Very odd!  I'm
beginning
> to wonder just how many other container arrays can be shipped via implicit
> posting in the same fashion.  Maybe this is just some wierd hallucinogenic
> MicroSoftian oversight, but should it have any grounding in W3C standards
it
> could prove quite useful.
>
> -- Dave Lovering
>
> ----- Original Message ----- 
> From: "Roger Roelofs" <rer at datacompusa.com>
> To: "[JavaScript List]" <javascript at LaTech.edu>
> Sent: Tuesday, August 26, 2003 10:13 AM
> Subject: Re: [Javascript] Prepacking the HTTP_POST array from JavaScript
>
>
> > Dave,
> >
> > Did you check your access log to see if the query string was sent back
> > by the browser?  the php script won't consider them POST variables, but
> > they are available with some php code changes.
> >
> > On Tuesday, August 26, 2003, at 12:41  PM, David Lovering wrote:
> >
> > > After the appropriate loin-girding exercise, I tried appending the
> > > .action
> > > declaration with some additional fields, etc.
> > > As one might logically expect, there was no recognition of them by the
> > > forms
> > > handler.  Does one have to sacrifice a goat or something to make this
> > > work?
> > > Are there odd and recondite strings required to "join" the artificial
> > > variables onto the HTTP_POST array?  Inquiring minds want to know...
> > >
> > > -- Dave Lovering
> > >
> > > ----- Original Message -----
> > > From: "Chris Tifer" <christ at saeweb.com>
> > > To: "[JavaScript List]" <javascript at LaTech.edu>
> > > Sent: Tuesday, August 26, 2003 9:20 AM
> > > Subject: Re: [Javascript] Prepacking the HTTP_POST array from
> > > JavaScript
> > >
> > >
> > >> One thing might be to change the .action property of the form, but:
> > >>
> > >>> Also, I don't want the user on the client machine to be able to
> > >>> query those variables, as some of them may give them an edge in
> > >> penetrating
> > >>> aspects of the code I'd just as soon keep secure.
> > >>
> > >> Client-side and secure do not mix. I don't know what
"security-related
> > >> thingies"
> > >> can possibly be done client-side that an advanced user can't figure
> > >> out.
> > >>
> > >> Chris Tifer
> > >> http://emailajoke.com
> > >>
> > >>
> > >> ----- Original Message -----
> > >> From: "David Lovering" <dlovering at gazos.com>
> > >> To: "[JavaScript List]" <javascript at LaTech.edu>
> > >> Sent: Tuesday, August 26, 2003 12:11 PM
> > >> Subject: [Javascript] Prepacking the HTTP_POST array from JavaScript
> > >>
> > >>
> > >>> Anybody have any insanely cute ways of pre-packing some additional
> > >> variables
> > >>> onto a HTTP_POST session (in addition to the form fields) prior to
> > >> invoking
> > >>> the appropriate htmlForm.submit() call?  I'd like to be able to
> > >>> augment
> > >> the
> > >>> formlist fields with some computed fields (mostly involving
> > >> security-related
> > >>> thingies), and I sure don't want to stick in any more hidden fields
> > >>> if I
> > >> can
> > >>> help it.  Also, I don't want the user on the client machine to be
> > >>> able
> > > to
> > >>> query those variables, as some of them may give them an edge in
> > >> penetrating
> > >>> aspects of the code I'd just as soon keep secure.
> > >>>
> > >>> For example, if I have a form
> > >>>
> > >>> <form name='myForm' id='myForm' enctype='multipart/form-data'
> > >> method='post'
> > >>> onsubmit='myCode.js' action='dosomething.php'>
> > >>>   <table cellspacing=0 cellpadding=3 align='center' valign='top'
> > > border=0>
> > >>>     <tr>
> > >>>       <td align='right' valign='middle'>my input</td>
> > >>>       <td align='left' valign='middle'><input type='text' size=30
> > >>> name='my_input' value=''></td>
> > >>>     </tr>
> > >>>     <tr>
> > >>>       <td></td>
> > >>>       <td align='left' valign='middle'><input type='submit'
> > >>> value='submit'></td>
> > >>>     </tr>
> > >>>   </table>
> > >>> </form>
> > >>>
> > >>> what must I insert in the code routine 'myCode.js' to add another
> > >>> field,
> > >> say
> > >>> 'authcode=F7A623' to the HTTP_POST_VARS array which is seen by
> > >>> dosomething.php?
> > >>>
> > >>> With HTTP_GET variables it is simply a matter of packing the URL
with
> > > the
> > >>> variable-names, their values, and the appropriate separators.
> > > Obviously,
> > >>> with a POST this method doesn't strictly apply.
> > >>>
> > >>> [Don't get hung up on the PHP code issue -- the forms handler could
> > >>> be
> > >>> almost anything].
> > >>>
> > >>> -- Dave Lovering
> > >>>
> > >>>
> > >>> _______________________________________________
> > >>> Javascript mailing list
> > >>> Javascript at LaTech.edu
> > >>> https://lists.LaTech.edu/mailman/listinfo/javascript
> > >>>
> > >>
> > >> _______________________________________________
> > >> Javascript mailing list
> > >> Javascript at LaTech.edu
> > >> https://lists.LaTech.edu/mailman/listinfo/javascript
> > >>
> > >>
> > >
> > >
> > > _______________________________________________
> > > Javascript mailing list
> > > Javascript at LaTech.edu
> > > https://lists.LaTech.edu/mailman/listinfo/javascript
> > >
> >
> > _______________________________________________
> > Javascript mailing list
> > Javascript at LaTech.edu
> > https://lists.LaTech.edu/mailman/listinfo/javascript
> >
>
>
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript
>

More information about the Javascript mailing list