0

The following code working fine. but I prefer to use POST method instead of GET, if there is any way to do that?

<?php
$lang=$_GET['lang'];
$langArray=array('en','ar','ch');
$found=false;
if(in_array($lang,$langArray))
$found=true;
if(!$found)
$lang='en';

$xml=simplexml_load_file("languages.xml") or die("xml not found!");
$title=$xml->title->$lang;
$text=$xml->text->$lang;
?>

<h1><?php echo $title ?></h1>
<div><?php echo $text ?></div>
<div style="margin-top:50px;">

Languages:

<a href="?lang=en">English</a>
<a href="?lang=ar">Arabic</a>
<a href="?lang=ch">Chinese</a>
Shko
  • 11

5 Answers5

1

Making links do POST requests can be done by two means, one is simply to make the link send a form, like this:

<form method=POST id=f1>
<input name=hidden value=whatever>
</form>
<a href='#' onclick='document.getElementById("f1").submit()' />clickme</a>

The other one is to have the js link send XMLHttpRequest or the new js fetch() api to send the data.

The usability downside of this approach, is that people cannot share the links or open in new tab, which is common.

Let's let links be links and forms be forms.

As per the security aspect of it, both GET and POST are unsafe, if you aren't using HTTPS, remember GET are supposed to be idempotent and POST requires reconfirmation upon browser refresh, further reducing usability.

Felipe Valdes
  • 1,998
  • 15
  • 26
0

As commented below, that is not a very good solution or elegant solution to this problem, as $_POST usually causes the browser to act funny if you keep posting content to it. It may even quit loading the website period. So $_GET should be just fine... You can always encrypt the URL so if anyone is looking at the connection may not realize what they are looking at.

Yes, and no... At least not in the sense which I think you are trying to do, I may be wrong though. It will change the structure of whatever you are doing, to use $_POST you have to submit it via a form, as per PHP:

$_POST:

An associative array of variables passed to the current script via the HTTP POST method when using application/x-www-form-urlencoded or multipart/form-data as the HTTP Content-Type in the request.

So you could in theory submit a form with the lang value, and change from

$lang=$_GET['lang'];

To:

$lang=$_POST['lang'];

So instead of having simple links, setup a form with a buttons, or a dropdown:

<form id="web_lang" method="post">
    <button name="lang" value="en">English</button>
    <button name="lang" value="ar">Arabic</button>
    <button name="lang" value="ch">Chinese</button>
</form>

NOTE: Do not use $_GET or $_POST unfiltered, those are user inputs, and you NEVER trust user input, they can pass malicious code and do some serious harm to your website.

Sam
  • 2,856
  • 3
  • 18
  • 29
  • 2
    I'd like to argue against doing this though, as you're bringing in an unfriendly user experience by switching to post for something like this. When using post, using the forward/backward/refresh functions of your browser becomes clunky as you're asked "Do you want to resend the form data?" or words to that effect. – Scoots Oct 22 '17 at 20:44
  • I agree, but I was just showing him that it is possible to do it that way. @Scoots – Sam Oct 22 '17 at 20:46
  • I don't want to resend or sending any from data, these hyperlinks just for switching from one language to another. – Shko Oct 22 '17 at 21:05
  • @Shko You can set a `$_SESSION` variable holding the language, and if they select a different language, switch the `$_SESSION` value... That way you do not have to have the `url` parameters and you easily use your user session – Sam Oct 22 '17 at 21:07
0
 <?php
    $lang=$_POST['lang'];
    $langArray=array('en','ar','ch');
    $found=false;
    if(in_array($lang,$langArray))
    $found=true;
    if(!$found)
    $lang='en';

    $xml=simplexml_load_file("languages.xml") or die("xml not found!");
    $title=$xml->title->$lang;
    $text=$xml->text->$lang;
    ?>

    <h1><?php echo $title ?></h1>
    <div><?php echo $text ?></div>
    <div style="margin-top:50px;">

    Languages:

<form method="post" action="">
    <select name="lang">

        <option VALUE=""> choose language </option>
        <option VALUE="en"> English</option>
        <option VALUE="ar"> Arabic</option>
        <option VALUE="ch"> Chinese</option>
    </select>
<INPUT TYPE="submit" name="submit" />

Sayonara
  • 267
  • 1
  • 10
0

While superficially it may seem like all one needs to do is change "$_GET" to "$_POST" in the OPs code, this kind of change is hardly trivial.

One must either create a form for submission via the POST method or make an HTTP POST request. If you choose the former, then your link would refer to the webpage containing the form. If you opt for the later, then your link would refer to a PHP script which may use fsockopen() or curl. Here's some example code from this discussion offered by Tamlyn that illustrates the mechanics with fsockopen():

<?php

$fp = fsockopen('example.com', 80);

$vars = array(
    'hello' => 'world'
);
$content = http_build_query($vars);

fwrite($fp, "POST /reposter.php HTTP/1.1\r\n");
fwrite($fp, "Host: example.com\r\n");
fwrite($fp, "Content-Type: application/x-www-form-urlencoded\r\n");
fwrite($fp, "Content-Length: ".strlen($content)."\r\n");
fwrite($fp, "Connection: close\r\n");
fwrite($fp, "\r\n");

fwrite($fp, $content);

header('Content-type: text/plain');
while (!feof($fp)) {
    echo fgets($fp, 1024);
}

Note, you need to arrange your data into an array of key-value pairs to make the HTTP POST request. Alternatively, you may find it easier to use AJAX; see this example.

slevy1
  • 3,797
  • 2
  • 27
  • 33
0

because you can encrypt URL and also data not sensive , I suggest keep using _GET method , it's so fast than _POST method

Oussidi Mohamed
  • 89
  • 5