Load PHP in iframes and passing variables?

@RobertBroussardJan 30.2004

~~[U]~~Problem[/U]
I need to load php in an iframe and pass variables. Below is a simple html working example of an <iframe> definition where “start.php” is the file to load. How do I modify the code to where I can discretely pass the variables $user and $pass and what method would I use to retrieve them in start.php ($HTTP_POST or $HTTP_GET)?

~~[U]~~HTML[/U]

[code] <iframe src=”start.php” scrolling=”no” id=”test” name=”test” height=”200″ width=”200″ marginwidth=”0″ marginheight=”0″ frameborder=”0″> </iframe> [/code]

Thanks to anyone for their time.

Robert

to post a comment

PHP

6 Comments(s) _↴

@wscottpadgettJan 30.2004 — #are you wanting a viewer of this start.php page to input the vars? or are they values that are preset that you simply need to securely get into your start.php script??

@RobertBroussardauthorJan 30.2004 — #I want to pass user and pass variables to start.php. For example:

<i>
 </i>&lt;iframe 
 src="start.php$user=someuser&amp;pass=somepass" 
 scrolling="no" 
 id="test" 
 name="test" 
 height="200" 
 width="200" 
 marginwidth="0" 
 marginheight="0" 
 frameborder="0"&gt;
 &lt;/iframe&gt;

But I don't want the variables to appear in the address bar of the web browser. How can I accomplish this?

@wscottpadgettJan 30.2004 — #you need to include a form of some sort in your HTML with it's action attribute set as "start.php"

your method in the FORM element could be "get" or "post" and this would determine whether you'd need to retrieve the variables using one or the other.

your variable values would be set as values in "hidden"-type input elements in the form, and then you'd access the variables in your start.php script by simply referring to them as $_POST['input_element_name'] or $HTTP_POST_VARS['input_element_name'] depending on how your PHP server is running.

when you submit the form, it will reload your start.php code, but then you'll have the variables available through the method above.

if you want to securely pass some $pass var to the script, you'll need to encrypt that $pass var and store it in a database or something and call it up from there. if you place it in the form is i outlined above, anyone can view your HTML and see the password.

@RobertBroussardauthorJan 30.2004 — #Good point. I just checked "view source" and you can see the password. I'm using mysql as the database. What harm would there be in passing the mysql encrypted password as a string for $pass?

@wscottpadgettJan 30.2004 — #if you post the string that exists in the pw column in your database then if someone gets access to your database, they can just run a query with that string and it will match up with the string that's stored and they can do whatever you're trying to protect with that password.

the way to do anything useful with the password that's encoded with the MySQL PASSWORD() function and stored in your database, is to encode the password you're looking to check against it and then send a query to the MySQL server that will encode your pw with the same PASSWORD() function and see if it matches what resides on the server. that way the only way anyone can match what's on your database is to encode the correct password.

@wscottpadgettJan 30.2004 — #what i said makes a little sense, but may or may not directly apply to what you're trying to do. i don't have enough information.

basically, the point of the password being encrypted in the first place is so that no one will know what exists on the database as a "password". so if you flaunt the encrypted string you're going to have trouble, because that's what the password really is right?

but the method i described before of encoding an entered password and checking it to the encoded password in the database is a secure way to validate a password, because no one ever sees the encrypted string. they can only try and enter a password, that once encoded will match the string...

Also in #PHP _↴

Upload HTML page, and send as an HTML email is there a way to select from multiple mysql tables without a join clause?how to hide warnings from appear

Success!

Help @RobertBroussard spread the word by sharing this article on Twitter...

Tweet This

about: ({
version: 0.1.9 — BETA 5.28,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});

changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...

recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...

Load PHP in iframes and passing variables?

6 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

Load PHP in iframes and passing variables?

6 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

6 Comments(s) _↴

Also in #PHP _↴