[SOLVED] It still shows as GET while I use POST

Get help using Construct 2

Post » Thu Apr 23, 2015 9:14 pm

That is not answering my questions... nevermind.
I will just assume it is the way I am asking but this is not helping me even a bit.
I do appreciate everyone for trying though.

I have read everything about GET and POST in both php and Construct2 documentation. I understand that mysqli_real_escape_string bit but I think I can avoid using it by using 'prepare' instead. And mysqli_real_escape_string doesn't work on anything but strings anyways. But all of that is irrelevant.
I am not getting errors except when i use POST in the php script I don't get any value returned. Console and network do not seem to make any mention of why btw but I won't linger on that because my main issue is not solved yet anyway.


I am simply wondering why everything I do keeps showing up in the network view (shown below) as using GET even if both php and Construct2 are set to use POST.

Image
Last edited by UberDark on Sun Apr 26, 2015 8:48 am, edited 1 time in total.
B
54
S
7
G
8
Posts: 150
Reputation: 5,817

Post » Fri Apr 24, 2015 12:13 pm

UberDark wrote:That is not answering my questions... nevermind.
I will just assume it is the way I am asking but this is not helping me even a bit.
I do appreciate everyone for trying though.

I have read everything about GET and POST in both php and Construct2 documentation. I understand that mysqli_real_escape_string bit but I think I can avoid using it by using 'prepare' instead. And mysqli_real_escape_string doesn't work on anything but strings anyways. But all of that is irrelevant.
I am not getting errors except when i use POST in the php script I don't get any value returned. Console and network do not seem to make any mention of why btw but I won't linger on that because my main issue is not solved yet anyway.


I am simply wondering why everything I do keeps showing up in the network view (shown below) as using GET even if both php and Construct2 are set to use POST.

Image


sorry but English isn't my first lenguage, so, I have to understand very well when we are talking about this stuff and I can't try the example, and If I miss something I misunderstood what do you would like to make....

if you want to send a data with POST method to a php file, my example works, and the script that I posted works for insert a value inside the table user in the database...

why you don't get any value returned? can you post here the php file with capx?

in my projects, when the user is logged in, I save different value with SESSION like this:

$_SESSION["username"] = "myname";
$_SESSION["coin"] = "250";
...
...

and I can recall the variable just with an AJAX and get the echo from the SESSION and destroy it when I used it... but you can do it in the same php file with the echo after the login in your php and get the lastData from construct2

for the security there are a lot of method, for example, SESSION isn't to much sure if you don't use correctly, you can encrypt the password and other value/string...etc

what version of PHP run in your server?
B
21
S
9
Posts: 298
Reputation: 2,967

Post » Fri Apr 24, 2015 3:40 pm

UberDark wrote:I am simply wondering why everything I do keeps showing up in the network view (shown below) as using GET even if both php and Construct2 are set to use POST.


Perhaps calling the wrong function/Ajax call ?


Some info

GET method: This uses a method where the data is processed in the url. This leaves traces in various logs at different points between your connection over the http. Obviously, having passwords etc could be troublesome.

POST method: leaves far less traces like the GET method.

Difference, you can make simple links with the GET, like http://mysite/index.php?page=home
Whereas POST methods require various FORM elements in web pages before being able to send stuff somewhere.

Ajax takes care of the whole FORM formatting of your data request using POST.


If you really want to protect your content, you should start by having a https capable server.
By default, with https, your web connection will be encrypted and better protected.

So your Ajax POST requests should point to files on your sever over https://yoursite/mypage.php

You have control of what the user can enter, for instance, you could create a certain set of keys only to be allowed to enter, leaving out various mischievous characters.

Next to that, you should encode manually entered content which are being passed

You could use in construct 2
Manual wrote:URLEncode(str)
URLDecode(str)
Convert to and from a string in a format suitable for including in a URL or POST data.


and in PHP you would use the base64_encode base64_decode counter part.


mysql_real_escape_string is handy too; in PHP there are various options to strip certain undesired content from user input.

When I have a user table in a game's database, I tend to generate md5 strings from the connection and browser information, gives me more in depth control of what to allow from a player.

I would also try and add some flooding protection if the user is sending passwords to enter something, preventing brute force attempts.
Who dares wins
B
57
S
17
G
21
Posts: 1,878
Reputation: 19,567

Post » Sun Apr 26, 2015 8:21 am

Thank you both Ribis and lennaert. :) I see a lot of usefull information and tips here. I will learn to use the things like URLEncode/base_encode64. And I will also see what it takes to get a https capable server and if this is worth it for the purpose. I am trying to make something for a group of volunteers..

I am still very confused about the picture I showed. I AM already using POST method in both the php and construct2. Why does it show GET in the screenshot?
B
54
S
7
G
8
Posts: 150
Reputation: 5,817

Post » Sun Apr 26, 2015 8:57 am

You might wanna remove your password "$con = new mysqli('213.171.200.72','bloomdatabase','gLitterati1234','xxxxxxxxxxxxxx');" :P
And better use PDO instead of mysqli!
B
12
S
3
Posts: 211
Reputation: 1,477

Post » Sun Apr 26, 2015 9:29 am

Could you post a capx, UberDark, with your ajax request or a screenie of the events involving the ajax action.

In my network tab on the Chrome console, my requests show up as POST methods.
Who dares wins
B
57
S
17
G
21
Posts: 1,878
Reputation: 19,567

Post » Sun Apr 26, 2015 9:48 am

@Fireche The username, password and database names will of course be changed once i figure it out hahaha ;) And there will not be anything worthwhile on there anyway. It is going to be a map for a volunteer group of people that pick litter. Interesting for hackers aye ;) What is PDO however?

@lennaert
Image
B
54
S
7
G
8
Posts: 150
Reputation: 5,817

Post » Sun Apr 26, 2015 10:01 am

UberDark wrote:@Fireche The username, password and database names will of course be changed once i figure it out hahaha ;) And there will not be anything worthwhile on there anyway. It is going to be a map for a volunteer group of people that pick litter. Interesting for hackers aye ;) What is PDO however?

@lennaert
Image


Nowadays you should use PDO instead of mysqli or mysql: http://php.net/manual/en/mysqlinfo.api.choosing.php It's more safe and it's the future :P Also never put SQL-Statements into your query. You will get hacked easily ;)

You wrote in MYSQLI:
$stmt = $con -> prepare("SELECT id FROM members where username='$username' and password='$password'")

In PDO:
$stmt = $con -> prepare("SELECT id FROM members where username = :username and password = :password")
B
12
S
3
Posts: 211
Reputation: 1,477

Post » Sun Apr 26, 2015 10:14 am

@Fireche Cheers! Appreciate it
B
54
S
7
G
8
Posts: 150
Reputation: 5,817

Post » Sun Apr 26, 2015 10:40 am

The POST should not be showing up as a GET, are you sure you do not have a stray GET request somewhere ?

I would not mind taking a look at the capx and testing it seeing if I get the same results. (If you like you can PM me a file)
Who dares wins
B
57
S
17
G
21
Posts: 1,878
Reputation: 19,567

PreviousNext

Return to How do I....?

Who is online

Users browsing this forum: DiabloOvermind, mr6dante6 and 13 guests