Browser ignores query string - url

I have a hardware device with an admin console accessed via a web interface. I want to pass a query string to the URL so that the username and password fields are pre-populated. I am doing so as follows but the browser ignores the query string:
http://192.168.5.50?username=abc?password=def
I have checked the page source and the username and password input fields are called "username" and "password".
EDIT:
I see that I have incorrectly used the character ? instead of & to separate the key/value pairs. Correcting this as follows does not change the outcome. The query string is still ignored.
http://192.168.5.50?username=abc&password=def
There is a form in the HTML with this definition:
<form name="myform" method="post" action="read" autocomplete="off">
Is the POST method incompatible with query strings? If so, is there another method of auto-populating fields?

You can try to create a form dynamically and submit it. You url should be something like this:
javascript:document.write('<form name="myform" method="post" action="read" autocomplete="off"><<input type="hidden" name="username" value="abc"><input type="hidden" name="password" value="def"></form><scr'+'ipt type="text/javascript">document.getElementsByTagName("form")[0].submit();</scr'+'ipt>');

Related

thymeleaf: th:value is ignored when using th:field

I've got a form where I want to edit some user data.
So the already stored data is put as th:value and after sending I validate with spring validation and want to give back the form on wrong input. I want the input field to have the value of the input by the user but it always gives me the stored input instead.
That's how an input field looks like
<input type="text" th:value="${product.name}" th:field="*{name}" th:errorclass="fieldError"/>
If the form is loaded the first time the input fields should have the value of the already stored data.
If it's loaded after submit and with an validation error, the input fields should have the value of the user's input.
Is there a way to to that?
Thanks!
Attribute th:field will replace attributes value, id and name in your input tag.
Instead, use plain th:id, th:value and th:name without using th:field. Then you will get what you wanted.
Then it will look like:
<input type="text" th:value="${product.name}" th:name="name" th:id="name" th:errorclass="fieldError"/>
Similar answer is here: How to set thymeleaf th:field value from other variable
Because Attribute th:field is Combination of both th:name and th:value
So, either use this:
<input type="text" th:value="${product.name}" th:name="name" th:errorclass="fieldError"/>
Or this:
<input type="text" th:field="*{name}" "th:errorclass="fieldError"/>
Using th:field or value, id and name is ok. if you user th:field, you can write this:
<input type="text" th:field="${product.name}" th:value="${product.name}" "th:errorclass="fieldError"/>
You have error in your controller (you set wrong value to *{name}), if the input value is wrong after validation error.

Change url from Action zf2

I am implementing a search an sending a search form to an action. Everything is working as expected but the url after the submit isn't very friendly and contain undesirable information. It is showing the whole request query array as a query string. I have a form with a fieldset element named 'album-search'.
Here is the url I am getting right now:
http://hostname/music_organizer/public/albums/page/1?album-search[term]=art&csrf=12b6065ab7ea428f02ad36a9cc363752-d96a14c1c7f1f2961112014a1e200e03&search=Search
Here is the url i am want to get:
http://hostname/music_organizer/public/albums/page/1?term=art
I have tried to set the query string in the action like this:
public function searchAction(){
//code
$this->getRequest()->getQuery()->set('term', $term);
//code
return $viewModel;
}
but no luck,
Thanks in advance
I thought your current rendering form should be like this
<form method="get" action="...">
<input name="term">
<input type="hidden" name="csrf" value="...">
<input type="submit" name="" value="Search">
<form>
Remove Submit Button:
Don't specify the submit button name while creating it
Remove CSRF element
If you don't required csrf element in querystring then remove it from your view page. but this csrf tag is very useful to avoid cross-site request forgery attacks.
--SJ

Send random value with curl to server

Let's say I have an HTML form which looks like this:
<form method="post" action="anmeldung.fcgi" onsubmit="return chkForm()">
<input type=text name="person">
<input type=hidden name="id" value="1234"> <!-- this value is generated -->
<input type=submit name="press" value="OK">
</form>
The value from id is generated by a mechanism which is not known to us and every time you visite the site it is an other value. Now let's say that the script, which collects the data checks if the id is correct and only then the rest of the code is called.
Is there a way with curl to send the data with the correct id to the server? So can I read it out from the page and send it to the server anyway? I think I have to use the same "instance" of the HTML file or something like this?
It sounds like this would be a multi-step process, but could be scripted fairly easily. First, you would use curl to do a GET to the URL of the form, like so:
curl http://hostname/path/to/form.html
Then, you would parse the content returned from the above GET request, to pull the value that is stuffed in the hidden id field.
Then, you would use curl to do a POST to anmeldung.fcgi, setting the form inputs to be posted, like so:
curl --data "person=xxx&id=1234&press=OK" http://hostname/path/to/anmeldung.fcgi

Prevent HTML Decoding on Form Values

I have a form element such as:
<input type="text" value="O’Reilly" />
But when this form is submitted, the value passed to the form handler is decoded and the ’ character is sent instead of the original string ’
I need to get the original string in it's literal/raw form, but I cannot seem to force the page to stop decoding these HTML elements for me. Any ideas?
HTML-encode the ampersand with & to prevent it from being part of an escape sequence: <input type="text" value="O&rsquo;Reilly" />

Insert cakephp POST params into URL

I have this form below which contains two checkboxes to sort some products:
<form id="FiltreExtraForm" action="" method="post" name="FiltreExtraForm">
<input id="ProductsDeliveryPrice" type="checkbox" value="1" name="data[Products][delivery_price]"/>
<input id="ProductsPicture" type="checkbox" value="1" name="data[Products][picture]"/>
</form>
After POST I do the filtering but I also want to add received parameters to URL E.g: /products/index/delivery_price:1/picture:0 . Is this possible. How can I do that?
Note: I don't want to use GET to send form info.
Sounds like you are looking to do a Post/Redirect/Get.
Here are two examples of doing this in CakePHP:
Searching on surname
Searching on multiple fields
The two main advantages of redirecting a POST to a GET request are:
Users don't get the "Do you want to resubmit?" dialog if they refresh
The resulting page/query can be bookmarked
In the action to which you post, you could simply prepare the GET url and then redirect to this url. The action for that url then does the filtering.
If I understand you correctly (and I'm not sure that I do), you can pass additional variables on the query string of the form's action quite easily. Conventionally, that might look like this:
<form id="FiltreExtraForm" action="/products/index?delivery_price=1&picture=0" method="post" name="FiltreExtraForm">
Using Cake, you should be able to do the same without the traditional query string if you'd rather (though the traditional method above will also work):
<form id="FiltreExtraForm" action="/products/index/delivery_price:1/picture:0" method="post" name="FiltreExtraForm">
I would recommend looking at the form helper or at least constructing the action URI using helpers, but this should get you what you're after.

Resources