Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi all,

I have a problem in CGI, to hide the parameters in the Address Bar..

I know about <FORM method="post">, but that is not my question.

In my home page, there is a url link with parameters like, <A HREF="http://127.0.0.1/cgi-bin/test.cgi?name=tom&value=12&id=52345">Test Link</A>.

when the above link is clicked by the user, the parameters like "name=tom&value=12&id=52345" are display in the Address Bar.

What is my expectation is that in the Address bar, only "http://127.0.0.1/cgi-bin/test.cgi" should be displayed and the parameters should be suppressed.

I tried a lot through even javascript but it is not working.

Please could anyone help me.

Thanks in advance.

Replies are listed 'Best First'.
Re: Hide parameters - CGI
by punch_card_don (Curate) on Apr 05, 2007 at 11:57 UTC
[reply]
Re: Hide parameters - CGI
by Fletch (Bishop) on Apr 05, 2007 at 13:30 UTC

    If you want to hide the specific contents of the parameters, then just don't send them. Create an opaque token (say a random sequence of digits, or run the serialized contents of the real parameters through Digest::SHA1) and send the token back as the sole parameter. Then map that token back to the information on the server side and process it as needed.

[reply]
Re: Hide parameters - CGI
by siva kumar (Pilgrim) on Apr 05, 2007 at 12:05 UTC
    Did you try the below steps in JavaScript? 
    
1. Parse the querystring and create hidden field for each name/value p
+air by 
   document.write("<input type=hidden name="+ name + " value ="+ value
+>");

2. Make the form method to POST
    document.form.method="POST";

3. Specify the form action 
   document.form.action="http://127.0.0.1/cgi-bin/test.cgi";

4. Do the form submit
     document.form.submit();

    [download]
[reply]
[d/l]
Re: Hide parameters - CGI
by saintly (Scribe) on Apr 05, 2007 at 16:19 UTC
    There's only a few ways to pass parameters from a web browser to the CGI on the other end of the web server. With a 'GET' request, all the parameters will be displayed in the address bar. If you want to avoid the user seeing those parameters, then you need to use another method.

    If you're stuck on using 'href' links, one way to do it might be to use Javascript: 
    <script type='text/javascript'>
  function submitForm ( formName ) {
    document.getElementById( formName ).submit();
    return true;
  }
</script>
<form action="http://127.0.0.1/cgi-bin/test.cgi" method='POST' id='tes
+tForm'>
<input type=hidden name='name' value='tom'>
<input type=hidden name='value' value='12'>
<input type=hidden name='id' value='52345'>
<input type=submit value='Test Link as Button'>
<a href="http://127.0.0.1/cgi-bin/test.cgi" 
 onClick = "submitForm('testForm');"
 onMouseOver = "window.status = 'http://127.0.0.1/cgi-bin/test.cgi'; r
+eturn true;"
 onMouseOut = "window.status = ''; return true;"
>Test Link</a>
</form>

    [download]
    In that example, you use JavaScript to do the form submitting for you. It still is a POST, but you can use a 'href' type link to activate it. The onMouseOver and onMouseOut try to hide the fact that clicking the link calls javascript and it's not a normal link. You don't need to put anything in the destination URL, it could be just 'href=""', but the javascript won't kick in if the user right-clicks the link (to open in new window or new tab).

    Another way might be cosmetically better, you can pass parameters as if they were folders: 
    <A HREF="http://127.0.0.1/cgi-bin/test.cgi/tom/12/52345">Test Link</A>

    [download]
    This is the way Amazon.com works. You can access the extra path variables by looking at 
    my $extra_path_info = $ENV{'PATH_INFO'};
# or
use CGI;
my $query = new CGI();
my $extra_path_info = $query->path_info();

print $extra_path_info;
# prints '/tom/12/52345'

    [download]
    Yet another way might be to pass the parameters as cookies. 
    <script type='text/javascript'>
  function submit_cookies ( formId ) {
    var thisForm = document.getElementById( formId );
    if( ! thisForm ) return true;

    var formLocation = thisForm.action;

    // Run through all the form variables and convert
    // them all to cookies
    for( var i = 0; i < thisForm.elements.length; i++ ) {
      var elementName  = thisForm.elements[i].name;
      var elementValue = thisForm.elements[i].value;
      document.cookie = elementName + '=' + elementValue + ';';
    }
    window.location = formLocation;
    return true;

  }
</script>
<form action="https://vmacs.vmth.ucdavis.edu/echo" method=POST id='tes
+tForm'>
  <input type=hidden name='name' value='tom'>
  <input type=hidden name='value' value='12'>
  <input type=hidden name='id' value='52345'>
  <a href="#" onClick="submit_cookies('testForm');">Test Link</a>
</form>

    [download]
    This particular solution has some drawbacks too. You can't usually set cookies for another domain, so the page that generates the cookies must come from the domain that the form posts to. You'll note that even though the form is all there (and it's set to 'POST'), no POST is done. The javascript function just fetches the 'action' parameter out of the form to use to submit the form. Then it runs through all the form variables to send them as cookies. There's lots of drawbacks using cookies too.

    Some other solutions:
    • Use frames to hide the destination URL
    • Open the other document in an iframe
    • Use AJAX to have javascript do the request for you (works with GET or POST), then rewrite the current page and location
    • Once the destination page receives the parameters, send them all back as cookies (or store them and send back a token, or something) and then quickly update the URL to remove the parameters
    None of these solutions use Perl though. Perl is powerful, but it still has to work within the limitations set by the HTTP protocol. You might want to check some javascript or web developer forums and ask your question there. Perl mostly deals with web requests after it's already been sent to the web server and processed. To modify browser behaviour, you need another language (until those mozilla folks add support for Perl scripts that run in the browser!).
[reply]
[d/l]
[select]
      Thank you very much for your posting these examples. It really helped me.
[reply]
Re: Hide parameters - CGI
by f00li5h (Chaplain) on Apr 05, 2007 at 11:44 UTC

    If the parameters are not passed in the url, how are they going to get to the script? They need to be somewhere, and if you can't POST to the form (because you're using a link) then you're pretty much out of luck.

    @_=qw; ask f00li5h to appear and remain for a moment of pretend better than a lifetime;;s;;@_[map hex,split'',B204316D8C2A4516DE];;y/05/os/&print;
[reply]
[d/l]
Re: Hide parameters - CGI
by Anonymous Monk on Apr 06, 2007 at 07:04 UTC

    Thank you all who have responded to my question.

[reply]

Back to Seekers of Perl Wisdom