Is it possible to send POST data with a PHP redirect?

Question

Update: This is NOT a duplicate of How do I send a POST request with PHP?. The solutions there don't work for me, they just output the result of the request, I don't want to do this, I want to send the user to the external site, it is secure website for credit card payment processing.

Update 2: I've added a diagram below to try and clearly explain what I'm trying to do

Here's what I'm trying to do:

1. a html form is submitted to a php script

2. the php script does some processing on the data and then submits data via POST request to an external website

3. I do not want to receive the result of the POST request in my PHP script, instead I just want to send the user to the external site where they see the result of the POST

I'm thinking curl is not suitable for this task as I'm not interested in receiving the result of the request back, I just want to send the user to the next site just as if they submitted the form directly.

To put this another way, I want to submit a form to an external website but I want to submit it to my own script first so I can process the data and send email notifications and then submit onwards to the external website with some new calculated data added.

One way I can think of doing this is to output the new form output as hidden fields along with javascript to auto-submit the form but there has got to be a more straightforward, robust way to do it without relying on javascript. Maybe by manipulating headers, or maybe there is already a php function to simply submit a post request and redirect to the result?

Answer 1

Long story short: no, it's not possibile using PHP.

One way I can think of doing this is to output the new form output as hidden fields along with javascript to auto-submit the form ...

It's the only way to do it.

---

The question is a possible duplicate of PHP Redirect with POST data.

---

As a suicide solution, you may consider to use HTTP 307 - Temporary Redirect.
From the HTTP/1.1 documentation linked above:

If the 307 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

My bold simply emphasizes that the redirect without the user confirmation actually depends on the browser's implementation of the protocol.

The redirect can be implemented in the PHP script which receives the POST request as follows*:

header('HTTP/1.1 307 Temporary Redirect');
header('Location: <your page in an external site>');

Basic usage Example:

page1.html - the page which contains the form

<html>
  <body>
    <form method="POST" action="page2.php">
      <input name="variable1" />
      <input name="variable2" />
      <input type="submit" />
    </form>
  </body>
</html>

page2.php - the page which processes your POST data before redirect

<?php

if (isset($_POST['variable1']) && isset($_POST['variable2'])) {

  //do your processing stuff

  header('HTTP/1.1 307 Temporary Redirect');
  header('Location: page3.php');

  exit;
} else
    echo 'variable1 and variable2 are not set';

page3.php the page to which the POST data has to be redirected (i.e. the external site)

<?php

if (isset($_POST['variable1']) && isset($_POST['variable2'])) {

    foreach ($_POST as $key=>$val)
        echo $key . ' = ' . $val . '<br>';

} else
    echo 'variable1 and variable2 are not set';

* _{don't try this at home!}

Answer 2

It seems to me that you're trying to do a redirect from one page to another, while sending along POST data. I'm afraid that's not possible with PHP.

The simplest workaround I can think of, is using cURL to (1) forward your $_POST data to another server, (2) receive the result from that server and then (3) do a simple redirect to another page. While it requires a total of 3 HTTP requests (a bit much for such a simple problem), it does more or less achieve what you're trying to achieve.

---

Let me break this approach down to the three steps you mentioned in your question :

For step 1, any HTML form would do, as long as it has a "method" attribute with the value "post". If you want to submit the form without using JavaScript, just make sure it has a "submit" button. That will submit your data to the page defined in the "action" attribute of your form when the submit button is pressed :

Example HTML :

<form action="action_page.php" method="post">
    First name:<br />
    <input type="text" name="firstname" value="Mickey"><br />

    Last name:<br />
    <input type="text" name="lastname" value="Mouse" /><br /><br />

    <input type="submit" value="Submit" />
</form>

For step 2, you'll need to create a page with a name identical to the value of the "action" attribute of your form. In the case of our example, that would be action_page.php. Here, you check if $_POST contains any values for the form fields you submitted. In the case or our example, you could so something like this :

if (isset($_POST['firstname']) && isset($_POST['lastname'])) {
    // Do the stuff you want to do on your own server here!
} else {
    // Do nothing here!
}

For step 3, you'll need to make a second POST request, using the $_POST data you just received from your HTML form. The simplest way to do that, would be using cURL. Then, you redirect your user to a second page, depending on the output of your second POST request.

To improve the readability of the example code, I put all code related to the cURL-request into a function :

function forwardRequest($url, $data) {
    $result = [
        'status' => NULL,
        'last_url' => NULL,
        'response' => NULL
    ];
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    $result['response'] = curl_exec($ch);
    $result['status'] = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $result['last_url'] = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
    curl_close ($ch);
    return $result;
}

if (isset($_POST['firstname']) && isset($_POST['lastname'])) {
    // Do the stuff you want to do on your own server here!

    $result = forwardRequest("http://www.example.com/processdata.php", $_POST);

    if ($result['status'] === 200) {
        header('Location: http://www.example.com/ok.php');
    } else {
        header('Location: http://www.example.com/error.php');
    }
} else {
    header('Location: http://www.example.com/youshouldnotbehere.php');
}

---

Note 1 :

I'm afraid there is no generic way to determine whether or not everything goes well on an external system whenever data is submitted to that system.

In my example code, I'm using the HTTP status code of the response received by your cURL request. This solution only works whenever the server returns a status code that is not equal to 200 if something goes wrong on that server. You will need to run some tests to see if this approach is sufficient for your use case.

If you can't use the status code to determine whether everything went well or not, consider checking the last effective URL or look for clues in your response header & your response text.

---

Note 2 :

Instead of forwarding your user after your cURL request has been processed, you might just want to show the response text from the server to your user. If this result contains a lot of junk you don't need, consider parsing the result using DOMDocument::loadHTML or third party library (like Masterminds/html5-php or PHPPowertools/DOM-Query).

You could also just write your own custom response text.

Answer 3

I have one solution for you that will work either 99% of the time or 100% of the time depending on how you implement it. All you need to do is process the form with AJAX. I know you want a Javascript free way of doing this but it is the simplest way. If you use the jQuery library the documentation and SO answers are so easy to follow you wound not have to write much code. Just modify some. Here is the concept:

1) Page loads as normal with the forms action pointing to the payment processing website. Since you are using Javascript (jQuery) to submit the form you would have replaced the submit buttons html like so:

<input type="button" value="Check Out" onclick="NameofAjaxFunctionHere();"

2) Swap out the forms action value. Before the actual AJAX code that will send the form behind the scenes to be processed, use something similar to this code to change the action to your own PHP page:

 $('#formIdHere').attr('action', 'yourPHPpageAndPathHere.php');

This code is for jQuery but it should be easy to change to plain JavaScript if you need. Now also make sure your AJAX code does not reset the form. Many copy and past codes kindly do this for you.

3) (Optional) At this stage the form has been sent to your PHP page and you are done doing what you need to with it. You now have two options:

• Do not wait for a response and just go on to number 4.
• Wait for a response and react accordingly + change data if needed

If you need to make sure the data was correct or need to alter some of it do that now. If the forms data fails your process (altered data for example) send back a FALSE and move on to number 4. If you need to change things that is a simple process. Send back all the data that needs updating in an array and loop through it in the same AJAX code that started this process. Using Javascript you can change the forms values.

[Code missing because I think you can figure this out if you need to do that. If not comment and when I have time I will post an example]

4) Swap back the forms action. Your AJAX processing is done. Traditionally it wipes the form and displays a message. If you choose the option from above that sends a FALSE to stop submission in case there was bad data, just return false from the AJAX script now (maybe display something before that return saying the form was not sent).

 $('#formIdHere').attr('action', 'paymentUrlHere');

Now that the payment URL is back in place and any data was updated if you need to go that route, submit the form like it normally should (or would) be. IN jQuery this can be as simple as:

 $('#formIdHere').submit();

---

And I think that covers it. At this point the user is out of your hands and was sent to the payment processing website with a normal POST. You even had the chance to alter data from the form if needed.

OH PS - Here is what I meant about the 99% and 100% way at the start of this post. 100% is the example I gave you here. No one can send the form without making it to your own PHP page first. The 99% solution would be to but the normal submit html in the page like so:

<input type="submit" ...>

Then using Javascript stop the default submit action and follow my steps 1-4. That way if someone disables javascript (or is on a device that blocks it) the form still sends to the payment processor at least. Up to you what you want to do.

Answer 4

Short answer :

• POST to external server
• parse response
• do not echo out anything
• use header('Location: url?param=res') ;
• exit ; //this is kind of important

I do not want to receive the result of the POST request in my PHP script, instead I just want to send the user to the external site where they see the result of the POST

If you are sending a POST request from a PHP script, then the response will ALWAYS come back to the same PHP script. I think what you want is NOT to send this the response back to the user, but instead redirect the user to a another URL. For which you make sure you are doing.

header('Location: url?param=res') ;
exit ;

and not sending anything to the client before the header() call

Answer 5

you are only can post the values at the time of the form submission

action = "path/filename.php";

in this form you can post the form values.

if you want to redirect the file at the time you can able to pass the values via the URL

header('Location: url/filename.php?param1=      ');

try this for a local file values which you want to post.

first you need to assign the values from the form, then you relocate header with the variables. that's may be the right solution from my side. thank you.

Answer 6

it's not possibile using PHP.

But you can use this tweak, In http://example.com/script.php you can write some javascript auto submit code with the checksum. E.g.

<body onload="document.frm1.submit()">   
<form method="POST" action="https://gatewaysite.com" name="frm1">
  <input name="checksum" value="yourchecksumvalue" />
  <input name="variable2" />
</form>
</body>

Answer 7

Its not possible,beacuase the page loaded entirely,there is a chance with empty data with POST request,instead of using this create Sessions when ever required,and after usage of that session just destroy the session. And the second one is usage of CURL .

Answer 8

You have excellent plan in you description. Why you just don't generate new POST request to 3 page with edited data on your page 2 after formatting? You can test your new POST requst with Chrome extension Postman

Answer 9

AJAX could be use in this case.

The form on mysite.com/pay points to gatewaysite. On submit you run a function which will call script.php. Only if script.php confirms that the data is correct, the form will be submitted.

Answer 10

If you are the owner of both websites, then you can just include the sites in each .htacess file, that will remain encypted.

The qualifications for this is SSL CA on both sites.

in your .htaccess, you do this by: this added in site#1's htaccess:

     RewriteCond %{HTTP_REFERER} !^https://www.site2.com/.*$      [NC]
     RewriteCond %{HTTP_REFERER} !^https://www.site2.com$      [NC]

this added in site#2's htaccess:

     RewriteCond %{HTTP_REFERER} !^https://www.site1.com/.*$      [NC]
     RewriteCond %{HTTP_REFERER} !^https://www.site1.com$      [NC]

Then you can use a standard html form on site#1 like:

       <form action="https://wwww.site2.com" method="POST">