NYCPHP Meetup

[nycphp-talk] <a href> vs. <form> request

Mark Armendariz nyphp at enobrev.com
Thu Apr 17 09:38:47 EDT 2003


Well, if you end up going the parse a page for a link route, couldn't
you just parse the referrer for that link?  I mean grabbing a page and
using RegEx to find a link takes a second, tops.  So you parse the page,
find the link you're looking for and then allow the script to continue.

I suppose that would require a login on some sites.. Dunno - hard to say
without more specifics.

Good header example, btw Chris.  I was wondering if here would be a
difference in the headers.

-----Original Message-----
From: Chris Shiflett [mailto:shiflett at php.net] 
Sent: Wednesday, April 16, 2003 10:26 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] <a href> vs. <form> request

--- Jerry Kapron <jkapron at newageweb.com> wrote:
> >Why would it matter if these other sites have a button instead of a
link?
> 
> It does not matter on the back end part of the system, but it does in
> general, trust me. I can't tell you more. I just wish there was a way
to
> detect it on the back end.

Well, maybe this will help. I created the following test page, http.php:

<p><a href="./http.php">Link</a></p>
<form action="./http.php" method="get">
<input type="submit">
</form>

When I click the link, my Web browser sends this:

GET /~chris/http.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;)
Gecko/20020830
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
n;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=
0.1
Accept-Language: en-us, en;q=0.50
Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
Keep-Alive: 300
Connection: keep-alive
Referer: http://127.0.0.1/~chris/http.php

When I click the submit button, my Web browser sends this:

GET /~chris/http.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;)
Gecko/20020830
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
n;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=
0.1
Accept-Language: en-us, en;q=0.50
Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
Keep-Alive: 300
Connection: keep-alive
Referer: http://127.0.0.1/~chris/http.php

Of course, I can also telnet directly to the Web server and type the
request
in, so that's three different ways to generate the exact same request.

> That's not really important.  I'm stuck with one specific thing: the
> ability to determine whether the request came from an <a href> link or
a
> form.

As my example shows, this is really impossible. You cannot detect it
based on
the request itself, so you're going to have to think outside of the box.
Since
it is the authors of the Web sites you are worried about, perhaps the
only
viable solution is for you to check up on them with an automated script
of some
type, much like you were describing.

Sorry I can't help more. I must admit that I am really curious why it
could
possibly matter. :-)

Chris

=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/


--- Unsubscribe at http://nyphp.org/list/ ---









More information about the talk mailing list