vlzvl

[web] something difficult (?) for PHP...

Hello, I just wanted to know if the following is possible in PHP: to execute (visit) a PHP file with/or no parameters, without getting any dynamic HTML, just command it to do something etc. update database. This is not a matter of life and death, but I wondered if there is a way to avoid wasted bandwidth by downloading the same page after PHP execution, without saying anything about flickering ;) & other re-loading problems. I suppose it would be terrible for such power (PHP) & such great deal of DLLs ;) to lack in such simple tasks. thanx

thanx,
I've found a great interest in the XMLHttpRequest object of JavaScript (?) which is a large part of AJAX logic, to retrieve/set data between the 2 points, but I have a question: isn't this some kind of transforming browser networking into something more 'open' to hackers? Also, this is something new, is there a 'level' of safety like PHP?
Another question: with AJAX I will be able to send pure data or even URL with params (just like PHP) so to keep things 'closed'... If only data can be sent/get then I suppose it is not something I want (I'm making a browser game, heavily dependent on URL params).
I'll look into AJAX, but if you have some general info about using it just tell me.

thanx

After some deeper search, I found:

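var url = "blah.php?param1=1&param2=yoohoo";
var xmlHttp;

if (window.XMLHttpRequest) {
    // for mozilla, opera, safari
    xmlHttp = new XMLHttpRequest();
} else {
    // for IE: try the newer ActiveX control first, then the older one
    try {
        xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
    } catch (e) {
        xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
    }
}
// ...
xmlHttp.open("GET", url, true); // POST i suppose to just send to php?
xmlHttp.send(null);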


Now my question: will this simple piece above be able to execute the PHP with the given params, without receiving dynamic HTML?
If yes, are there any black holes? Or requirements in client-side? (I heard that AJAX on JavaScript is just a wrapper of the whole thing.)

thanx

You don't really execute PHP. The web server executes PHP. The most you can do is send an HTTP request to the web server. How you send that request is irrelevant—could be a normal browser visit, wget or some other downloader, a request from Ajax, some application using an HTTP request library (.NET or cURL) or even a bot from Google—what matters is that the web server receives an HTTP request and reacts by executing a PHP script and sending back a response based on what the PHP script did.

Writing a bit of JavaScript will never create a security hole on the server: either the hole already exists, or it doesn't. JavaScript code can be written by anyone to send requests to your server, so plan for it.

If the PHP script outputs things, it goes into the body of the HTTP response. If it edits any headers, those are added to the HTTP response. So, you cannot choose not to return anything (but you can choose to return only the bare minimum: the basic "success" headers).

Three things may happen when a user submits data to a server:
  • The user's browser moves to a new URL, which runs a request, and that request causes the server to update a database and return a new page.
  • The user's browser moves to a new URL, which runs a request, and that request causes the server to update a database and redirect to a new URL, which does another request, which does nothing to the database and returns a new page.
  • The user's browser remains in place, but a script submits data through an HTTP request, causing the server to update a database and return some data that is either ignored or parsed to determine success or failure.
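
The point of the reply above, that anyone can send any request to the server, as an added example that is not part of the original thread: a server-side handler, written in JavaScript rather than PHP so it runs stand-alone, that applies the same checks whoever sent the request and answers with only a status. The `buy` action, the parameter names, the prices and the session shape are assumptions made for illustration.

```javascript
// Added example: server-side checks for a state-changing game request.
// All names (handleRequest, "buy", itemId, qty) are hypothetical.
const ITEM_PRICES = { 1: 50, 2: 120 }; // constructed sample catalogue

// req:     { method, params } as parsed from the HTTP request (untrusted)
// session: server-side state for the authenticated player (trusted)
function handleRequest(req, session) {
  // State changes only via POST, so a crawler or prefetching GET cannot trigger them.
  if (req.method !== "POST") return { status: 405, body: "" };
  if (!session || !session.playerId) return { status: 401, body: "" };

  const p = req.params || {};
  // Allow-list of actions; anything else is rejected, not interpreted.
  if (p.action !== "buy") return { status: 400, body: "" };

  // Strict integer parsing: "3abc", "-1", "1e9" and arrays are all rejected.
  const itemId = parseStrictInt(p.itemId);
  const qty = parseStrictInt(p.qty);
  if (itemId === null || qty === null || qty < 1 || qty > 99) {
    return { status: 400, body: "" };
  }
  if (!Object.prototype.hasOwnProperty.call(ITEM_PRICES, itemId)) {
    return { status: 404, body: "" };
  }

  // Price and player come from server state, never from the request.
  const cost = ITEM_PRICES[itemId] * qty;
  if (session.gold < cost) return { status: 409, body: "" };
  session.gold -= cost;
  session.inventory[itemId] = (session.inventory[itemId] || 0) + qty;

  // Nothing to display: answer with the bare "success" status and an empty body.
  return { status: 204, body: "" };
}

// Accepts only a string of 1 to 4 decimal digits; returns null otherwise.
function parseStrictInt(value) {
  if (typeof value !== "string" || !/^[0-9]{1,4}$/.test(value)) return null;
  return Number(value);
}
```

The client script only needs to look at the status code to decide success or failure, which is the third case in the list above.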

thanx ToohrVyk,
yes, I knew that the server is executing everything ;) but I was too knee-deep in the trouble trying to make HTML able to send URL data to the server.
AJAX is -exactly- what I wanted; a clean way to send PHP params & commands, possibly -without- pure data to prevent 'anything'...
I suppose AJAX can return data too, but that's too harmful and 'open' ;)
So, thanx my friend & Codeca

-solved-
