Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 13 of 13
  1. #1
    New Coder
    Join Date
    Mar 2012
    Posts
    13
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Passing parameter to url (beginner)

    My purpose is to create a web form to pre specify some fields for

    https://www.amazon.com/gp/gc/order-email

    I located the field 'quantity' using an element inspector:

    Code:
    <input id="s-quantity-Email" class="small-gc-input gc-field-quantity" type="text" value="1" name="quantity">
    I was hoping invoking my browser with

    https://www.amazon.com/gp/gc/order-email?quantity=2

    would set the Quantity field to 2, but it doesn't. Can someone help, please?

  • #2
    New Coder
    Join Date
    Mar 2012
    Posts
    13
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by aroj View Post
    My purpose is to create a web form to pre specify some fields for

    https://www.amazon.com/gp/gc/order-email

    I located the field 'quantity' using an element inspector:

    Code:
    <input id="s-quantity-Email" class="small-gc-input gc-field-quantity" type="text" value="1" name="quantity">
    I was hoping invoking my browser with

    https://www.amazon.com/gp/gc/order-email?quantity=2

    would set the Quantity field to 2, but it doesn't. Can someone help, please?
    Is this the right section of this forum to ask this question?

  • #3
    New Coder
    Join Date
    Mar 2012
    Location
    Tulsa, OK
    Posts
    31
    Thanks
    0
    Thanked 3 Times in 3 Posts
    Well, it can't be done with HTML.
    The best way I can think of is to just re-create their form, then use a form post to their form page.

    Their form is posting to:
    https://www.amazon.com/gp/gc/payment...o_gcc_gc_email

    Other than that, I don't have any ideas, sorry. Don't worry, what you are asking isn't really a beginner sort of thing. I'll look around though.

  • #4
    New Coder
    Join Date
    Mar 2012
    Posts
    13
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Thanks, but is the query string forbidden by Amazon, in this case, or am I assuming something wrong about how URLs work?
    Last edited by aroj; 03-06-2012 at 02:04 AM. Reason: Omission

  • #5
    Banned
    Join Date
    Apr 2011
    Posts
    656
    Thanks
    14
    Thanked 69 Times in 69 Posts
    Have you confirmed if the amazon form is sending data to its action url as a GET or POST?

    You are sending data as a GET which won't work if the amazon form is sending it's data as a POST, which is what it should be doing.

    Also, appending a query string to a url is not much use if the page you are sending it to isn't coded to do anything with a query string.
    Last edited by webdev1958; 03-06-2012 at 02:16 AM.

  • #6
    New Coder
    Join Date
    Mar 2012
    Posts
    13
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by webdev1958 View Post

    You are sending data as a GET which won't work if the amazon form is sending it's data as a POST, which is what it should be doing.
    Thanks. It seems that POST is more plausible. I see this

    <form action="https://www.amazon.com/gp/gc/payment/ref=gco_gcc_gc_email" method="POST">


    Also, appending a query string to a url is not much use if the page you are sending it to isn't coded to do anything with a query string.
    I don't know how to check that, though.

  • #7
    Banned
    Join Date
    Apr 2011
    Posts
    656
    Thanks
    14
    Thanked 69 Times in 69 Posts
    ok, I can now see what you're actually trying to do and that is prepopulate some inputs in a <form> and not send data to the form's action url.

    The only chance of being successful is if Amazon were really slack in their security and so process any query string data sent to the web page with the <form> client side with javascript. I think you'll find a snow flake has a better chance of surving in hell for a millisecond than Amazo doing the above. But just in case, view the source of the web page and wander through the various linked or enbedded javascript to see if they are doing anytging with a query string attached to the url for the <form> page. But I'm 99.99999999% recurring sure that even if a query string can be attached to the <form> page's url, all handling of it will be done server side and therefore you cannot see that code at all.

    One of the aims of website security is to prevent people from doing what you are trying to do.
    Last edited by webdev1958; 03-06-2012 at 03:23 AM.

  • #8
    New Coder
    Join Date
    Mar 2012
    Posts
    13
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Thanks, I'll take it as

    "prepopulate some inputs in a <form> and not send data to the form's action url."

    is not possible with Amazon. However, I'd like to understand if this

    "prepopulate some inputs in a <form> and DO send data to the form's action url."

    is different.

  • #9
    Banned
    Join Date
    Apr 2011
    Posts
    656
    Thanks
    14
    Thanked 69 Times in 69 Posts
    ok, let me explain as simply as possible hopefully.

    Anyone can send data, as GET or POST, to any server side script they like.

    If the server side script has no code to handle the GET or POST data then the data is simply ignored by the code inside the server side script.

    If a server side script is required to accept GET or POST data and if proper security measures have been taken in the server side code, then all GET or POST data is first validated to ensure it contains only valid data and not potentially malicious code and then sanitised before sending it to a database if that is where it's meant to go.

  • #10
    New Coder
    Join Date
    Mar 2012
    Posts
    13
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by webdev1958 View Post
    ok, let me explain as simply as possible hopefully.

    Anyone can send data, as GET or POST, to any server side script they like.

    If the server side script has no code to handle the GET or POST data then the data is simply ignored by the code inside the server side script.

    If a server side script is required to accept GET or POST data and if proper security measures have been taken in the server side code, then all GET or POST data is first validated to ensure it contains only valid data and not potentially malicious code and then sanitised before sending it to a database if that is where it's meant to go.
    Clicking on the Submit button of this form:

    <form name="input" action="https://www.amazon.com/gp/gc/order-email?ie=UTF8&*Version*=1&*entries*=0" method="post">
    <input id="s-quantity-Email" class="small-gc-input gc-field-quantity" type="hidden" value="2" name="quantity">
    <input type="submit" value="Submit" />
    </form>

    redirects to the url on the right of 'action=' but fails to set the value of field 'quantity' to 2. It stays at '1'. Can I deduce from this that Amazon rejects this type of string queries, or is there another way to be explored?

  • #11
    New Coder
    Join Date
    Mar 2012
    Posts
    13
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by aroj View Post
    Clicking on the Submit button of this form:

    <form name="input" action="https://www.amazon.com/gp/gc/order-email?ie=UTF8&*Version*=1&*entries*=0" method="post">
    <input id="s-quantity-Email" class="small-gc-input gc-field-quantity" type="hidden" value="2" name="quantity">
    <input type="submit" value="Submit" />
    </form>

    redirects to the url on the right of 'action=' but fails to set the value of field 'quantity' to 2. It stays at '1'. Can I deduce from this that Amazon rejects this type of string queries, or is there another way to be explored?
    Any leads that haven't been explored yet?

  • #12
    New Coder
    Join Date
    Mar 2012
    Location
    Tulsa, OK
    Posts
    31
    Thanks
    0
    Thanked 3 Times in 3 Posts
    Quote Originally Posted by aroj View Post
    Any leads that haven't been explored yet?
    You like PHP? This might do what you are wanting. I haven't read it all yet though, kinda busy :'(

    http://www.html-form-guide.com/php-f...rm-submit.html

  • #13
    New Coder
    Join Date
    Mar 2012
    Posts
    13
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by telekovar View Post
    You like PHP? This might do what you are wanting. I haven't read it all yet though, kinda busy :'(

    http://www.html-form-guide.com/php-f...rm-submit.html
    Thanks, but I think it does more than I need. I only want to redirect to a page with a preset field in a form within that page. Usually that's done by appending ?field=value to the url, but, as explained previously, it doesn't work.

    This PHP code does not redirect to a page, it controls it remotely, as I understand it. Anyway, I thought I'd give it a shot, but opening the file from Firefox outputs part of the code itself. There is obviously a problem.

    Code:
    <html>
    <head>
    <title>How to submit a form using PHP</title>
    </head>
    <body>
    PHP Code begins
    
    <?php
    $post_data['firstName'] = 'Name';
    $post_data['action'] = 'Register';
    // traverse array and prepare data for posting (key1=value1)
    // BELOW THIS LINE MY BROWSER MESSES UP
    foreach ( $post_data as $key => $value) {
        $post_items[] = $key . '=' . $value;
    }
    //create the final string to be posted using implode()
    $post_string = implode ('&', $post_items);
    //create cURL connection
    $curl_connection =
      curl_init('http://www.domainname.com/target_url.php');
    //set options
    curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
    curl_setopt($curl_connection, CURLOPT_USERAGENT,
      "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
    curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
    //set data to be posted
    curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
    //perform our request
    $result = curl_exec($curl_connection);
    //show information regarding the request
    print_r(curl_getinfo($curl_connection));
    echo curl_errno($curl_connection) . '-' .
                    curl_error($curl_connection);
    //close the connection
    curl_close($curl_connection);
    ?>
    
    PHP Code ends
    </body>
    </html>


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •