Home/ Questions/Q 6072529
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T10:10:13+00:00

I am working on web application(in php),where i require to redirect url with some

  • 0

I am working on web application(in php),where i require to redirect url with some parameter.I have written a code like this 

header("Location:http://www.xyz.com?code=2345");

This will redirect to corresponding url but the my data is visible in the browser,i don’t want my data to be visible in the browser.how to hide the data? Is this the secure way of redirection? What is the best way of redirection?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s possible to redirect POST fields that have been sent to the current request (by redirecting with a 307), but to create them artificially is tricky and depends on if the user has javascript enabled. I use this function, but you shouldn’t depend on it working if the user disables javascript.

    <?php

function createHiddenFields( $value, $name = NULL )
{
    $output = "";
    if( is_array( $value ) ) {
        foreach( $value as $key => $value ) {
            $output .= self::createHiddenFields( $value, is_null( $name ) ? $key : $name."[$key]" );
        }
    } else {
        $output .= sprintf("<input type=\"hidden\" name=\"%s\" value=\"%s\" />",
            htmlspecialchars( stripslashes( $name ) ),
            htmlspecialchars( stripslashes( $value ) )
        );
    }
    return $output;
}

function redirectNowWithPost( $url, array $post_array = NULL )
{
    if( is_null( $post_array ) ) { //we want to forward our $_POST fields
        header( "Location: $url", TRUE, 307 );
    } elseif( ! $post_array ) { //we don't have any fields to forward
        header( "Location: $url", TRUE );
    } else { //we have some to forward let's fake a custom post w/ javascript
        ?>
<form action="<?php echo htmlspecialchars( $url ); ?>" method="post">
<script type="text/javascript">
//this is a hack so that the submit function doesn't get overridden by a field called "submit"
document.forms[0].___submit___ = document.forms[0].submit;
</script>
<?php print createHiddenFields( $post_array ); ?>
</form>
<script type="text/javascript">
document.forms[0].___submit___();
</script>
        <?php
    }
    exit();
}

?>
    • 0