Submitting a form without leaving a page

drf1229

New Member
Messages
71
Reaction score
1
Points
0
I am trying to automatically submit a form without the user knowing. I want the form to run anonymously and not change the page. The issue I have is that I do not have access to the php page that is the action of the form. Is it possible to do this without changing anything in the action page?

Edit: I have found my answer! What I do is add a hidden iFrame to submit the form in the background!
Ex.


Formsubmit.php:

Code:
<form id="form">
</form>
<script type="text/javascript">
document.getElementById("form").submit();
</script>

index.php:
Code:
<iframe src="Formsubmit.php" height="0" width="0"></iframe>
 
Last edited:

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
Use AJAX rather than submitting the form. You can add a submit handler to the form that cancels the default action (to prevent the form handler page from loading).
 

Twinkie

Banned
Messages
1,389
Reaction score
12
Points
0
I am assuming you know that the proper way to do that would be AJAX, but (for security reasons) it is not allowed to send data to files on another server than the page you are viewing.

My only idea would be to gather the data from the forms (without submitting it) via HTML DOM, send it with AJAX to your own server, then fsock it with PHP to its destination.

Other than that, you would need an assisting technology like Flash or Java, which could probably do it better. However, nothing *in the browser* that I know of.

I was going to say client side, but I think that is technically incorrect.
Edit:
*facepalm* how could I forget about iframes...
 
Last edited:

phpmain2

New Member
Messages
9
Reaction score
0
Points
0
That is the simplest way to do so (believe it or not, when I read your post title a minute ago, IFrames popped into my head). However (albeit relatively small), some browsers do not support IFrames.
 

smoke.sessions

New Member
Messages
7
Reaction score
0
Points
0
Yeah, I would use AJAX for that. Otherwise, I think jQuery has functions like that.
 

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
In terms of sites you develop, consider page access (which cross-domain restrictions help secure) and injection attacks (which is entirely up to you to prevent).
 

drf1229

New Member
Messages
71
Reaction score
1
Points
0
Ok, well are there any other tags I should filter to avoid injection attacks (like in a feedback page)? I currently have meta, script and iframe. Would it be easier to just strip html tags?
 
Last edited:

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
Rather than stripping bad tags (blacklisting), allow only good tags and attributes (whitelisting) or use a lightweight markup language (e.g. BBCode, like the X10Forums, or MarkDown). If you end up allowing any HTML, don't write your own parser; use PHP's DOM or one of the other XML parsers.
 
Last edited:
Top