I am trying to post the data to a form using curl and save it in a file , here is the form in which I want to post the data , the webpage can be accessed here form_webpage
<label for='Fldname'>Name</label></td><td>:</td><td><input type='text' name='name' id='Fldname'/>
<label for='Fldemail'>Email</label></td><td>:</td><td><input type='text' name='email' id='Fldemail'/>
<input type='password' name='x' id='Fldpwd'/>
<input type='password' name='cpwd' id='Fldcpwd'/>
<input type='radio' value='m' name='gender' id='Fldgendm'/>
<label for='Fldgendm'>Male</label> <input type='radio' value='f' name='gender' id='Fldgendf' />
<label for='Fldgendf'>Female</label>
<input type='checkbox' value='e' name='lang[]' id='Fldlange'/> Eng <input type='checkbox' value='t' name='lang[]' id='Fldlangt'/> Tel <input type='checkbox' value='h' name='lang[]' id='Fldlangh' disabled />
<select name='coun' multiple >
<option value=''>Choose Country</option>
<option value='91'>INDIA</option>
<option value='001'>USA</option>
<option value='002'>United Kingdom</option>
</select>
I have done quite a bit of research and everytime i want to post to the form it is returning the same page
I used
curl --data 'name=stirumer&email=123#gmail.com&x=test&cpwd=test&gender=m&lang[]=e&coun=91' "www.cs.odu.edu/~stirumer/index.html" -o "3.html"
curl -Gd 'name=stirumer&email=123#gmail.com&x=test&cpwd=test&gen
der=m&lang[]=e&coun=91' "www.cs.odu.edu/~stirumer/index.html" -o "3.html"
curl -X POST -F 'name=stirumer&email=123#gmail.com&x=test&cpwd=test&gender=m&lang[]=e&coun=91' www.cs.odu.edu/~stirumer/index.html -o "2.html"
curl -F 'name=stirumer&email=123#gmail.com&x=test&cpwd=test&gend
er=m&lang[]=e&coun=91' www.cs.odu.edu/~stirumer/index.html -o "1.html"
curl -X POST --data "name=stirumer&email=123#gmail.com&x=test&cpwd=test&gender=m&lang[]=e&coun=91" www.cs.odu.edu/~stirumer/index.html
All of them return the same page..!!
Expected Output
Need help guys!
Here's one way to go about this, which I've found quite useful for similar activities.
In Firefox install Firebug and Firecurl. Start Firebug, and then browse to the page in question, and submit the form. Then in the Net Panel of Firebug, look at he Firecurl output. It gives you the CURL command line for the form submission, which you can cut and paste into a shell and execute. Good way to learn what all needs to be done for any POST.
What do you expect to happen? I went to your web page and tested it and I got, what I expected to happen. When you manually go to that web page and fill in the information and click submit it just takes you back to the blank page. If you were to do the same think with curl then you'll just get the blank page back as well. I'd first make sure that your page works in a browser like you think it does.
When you use curl, it'll be like you filled in all of the form fields AND clicked submit. It's not going to just put data into the form fields and then just return you that page.
Related
I tried to Google search but I did not even know what to search for!
My current problem is: say I have a customer order an item, it will show in his list of orders and he can then edit the order in the future by clicking a button next to the order.
Currently the button submits a hidden form which contains all information needed to identify a particular order and this form is passed into the edit order page through a post request. Although the form is hidden, when page source is viewed the information will still be accessible by the user.
How do I avoid exposing the information to the user? I.e do everything in the backend.
<form method="POST" action="/edit_order">
<input type="hidden" name="owner_email" value=<%=all.owner_email %>>
<input type="hidden" name="owner_email" value=<%=all.transactionId %>>
<input type="hidden" name="start_date" value=<%=moment(all.start_date).format() %>>
<input type="hidden" name="end_date" value=<%=moment(all.end_date).format() %>>
<button type="submit" class="btn btn-secondary">Change this order</input>
</form>
I am trying to retrieve multiple values from HTML and make use of it using req.body..
I am able to do this via message: req.body.message
<form id="message-form" class="input-group input-group-lg" style="">
<input type="text" name="message" class="form-control" aria-label="Large" aria-describedby="inputGroup-sizing-sm">
<div class="input-group-prepend">
<button class="btn btn-primary">Send</button>
</div>
</form>
However, I would like to retrieve the values from elements that are not inside the e.g <span id="item" style="font-weight:bold"> </span>
The reason is that when I load the page, it renders these values dynamically (retrieved from database). When I want to do a POST, I would like to make use of these values that have been rendered previously.
Is there a way to do this?
Many thanks.
Forms don't submit data that does not appear inside a form control.
So you can either:
Store the data somewhere in the server (such as in a session) where you can read it back on a subsequent request (watch out for race conditions!) or
Put the data in a form control instead of or as well as in the span. (Possibly using a hidden input).
I have
<form action="?#cgi.query_string#" method="post" ...
The cgi.query_string comes in with an indefinite number of variables. I tried using
<form action="?#EncodeForURL(cgi.query_string)#" method="post" ...
Should I be doing any kind of escaping?
You are using method="POST" in your form tag. So you're trying to have a page with both a query string (URL scope) and a form body (FORM scope), correct?
I'm not sure that's best practice or even allowed by some browsers (I read elsewhere they'll strip query strings on POST actions).
The best solution might be to make the action either GET or POST, and loop through the query string making each item a hidden input?
<cfloop list="#CGI.query_string#" delimiters="&" index="i">
<input
type='hidden'
name='#listFirst(i, "=")#'
value='#listLast(i, "=")#'
/>
</cfloop>
As you say, you can't do this. Your specific question was whether you should do any escaping. The answer to that is "yes" and the location is going to be on the backend, parsing the query string.
<cfoutput>
<form action='?#CGI.query_string#' method='POST' class='form-horizontal bordered-group' role='form' id='test'>
<input
class='form-control'
type='text'
name='formvar'
/>
<input
class="btn btn-primary btn-lg btn-block"
type="submit"
value="Submit"
/>
</form>
</cfoutput>
Will submit a form to the same page, with the FORM scope present, the URL scope present, and the CGI.query_string defined. The CGI.query_string will have url formatting (%20 for space, etc). The FORM and URL scopes will already be decoded (%20 converted to space, etc).
It seems the crux of your question is really about security and sanitization. In which case you'll want to examine encodeForHTML() (Adobe Docs for encodeForHTML()).
Obviously, this isn't 100% foolproof, since I don't know the details of your code and what you do with the input. But those sanitization functions should be a good start.
So very generally, if you use the URL scope, use encodeForHTML(), and if you use #CGI.query_string#, it will be URL-encoded.
I am working on a Google chrome extension. the idea is that I enter my username and password, click submit and have a new tab open with my website, which will then pick up the submitted form and log me in.
I have managed to open my website in a new tab, but can not get it to pick up the form.
You can use OnClick event in submit button:
<input type="submit" value="submit" onclick="this.form.target='_blank';return true;">
You can create an HTML form in your popup.html as follows:
<form name="input" action="http://example.com/login.php" method="get">
Username: <input type="text" name="user">
Password: <input type="password" name="password">
<input type="submit" value="Submit"></form>
And in the script of your website you can check if the parameters and have been passed, and if correct then create redirect them to the DashBoard on your site, otherwise show them the login page to enter the correct credentials
Since you've got your website loaded, try using jquery to select the textbox and enter a value.
The following selects the where the input is, then finds the input I want, then finally sets the value inside of that box.
$("td[data-key='sku']").find("input.tb-input").val('some text here')
In the jquery code above, the html would look something like this:
<td data-key='sku'>
<input class=tb-input/>
</td>
The HTML I got asked to add to a page is:
<div>
<div> Click below to enter</div>
<form id="formID" method=POST action="http://www.someWebsite.com">
<input type="submit" name="do_login" value="Log in" />
<input type="hidden" name="username" value="someUsername" />
<input type="hidden" name="password" value="somePassword" />
</form>
</div>
I know I can't add a form like that because there is already on that SharePoint created, I had a look at http://www.sharepointboris.net/2008/09/making-post-and-get-forms-from-sharepoints-pages/ but when I follow the example and save SharePoint still strips out most of the code so how can I achieve what I want in another way?
Thanks in advance.
For our SharePoint 2007 installation, I created a quiz web part. Basically, it pulls questions and answers from a list, but the actual questions are presented and submitted using a form with POST variables. It's probably much more complex and in-depth than you're looking to go, but I made a custom web part to present the form, read the post variables, and execute associated functions. The big plus to using a custom web part is that you're able to put in nearly any content you want, since you're coding it in ASP.NET.
What I did was to create a custom .aspx page (not through the sharepoint gui) with the code I posted in my question, uploaded the page to a library and then linked to it via a page viewer web part
You can get the form to work as normal if you remove the tags and place the form control inside a div like so:
<div>
<div> Click below to enter</div>
<div id="formID" method=POST action="http://www.someWebsite.com">
<input type="submit" name="do_login" value="Log in" />
<input type="hidden" name="username" value="someUsername" />
<input type="hidden" name="password" value="somePassword" />
</div>
</div>
This way sharepoint will accept everything inside the div tags. In a asp.net when you create a page in sharepoint, the whole page is containied withing a form that why sharepoint does not allow you to use another form within it.
Hope this helps