Solution 1 :

1) Don’t use any sensitive data (credentials, Passwords) in the URL.

2) if the action is missing then the form submits to itself thats the reason your form submits to same page.

You have to specify action.

Use JavaScript or jquery functions, here is the example from jquery:

<script src="http://code.jquery.com/jquery-1.9.1.js"></script>
<script>
  $(function () {
    $('form').on('submit', function (e) {         
         e.preventDefault();

      $.ajax({
        type: 'post',
        url: 'file',
        data: $('form').serialize(),
        success: function () {
          alert('form submitted');
        }
      });
    });
  });
</script>

Problem :

I was trying to figure out a post request for a login form that basically looks like this:

 <form method="post">
                <table class="table">
                    <tbody>
                        <tr>
                            <td>User</td>
                            <td><input type="text" class="form-control form-control-sm" name="user" /></td>
                        </tr>
                        <tr>
                            <td>Password</td>
                            <td><input type="password" class="form-control form-control-sm" name="pass" /></td>
                        </tr>
                        <tr>
                            <td colspan="2" class="text-right"><button type="submit" class="btn btn-primary">Login</button></td>
                        </tr>
                    </tbody>
                </table>
                </form>

I do know the username and password for the login but I wanted to construct a post request url to achieve the same thing.

After some research I found out that if there is no action that the form posts to the same url

The landing url is something like:

https://hero.mywebsite.com/user/login

So I tried :

https://hero.mywebsite.com/user/login?user=userName&pass=passWord1234

However, this does not work and it redirects me back to the login page.

I cannot figure out what is wrong with my method

Comments

Comment posted by The Head Rush

You sent the login credentials in a GET request using request parameters written into a querystring. For this to work, the server needs an endpoint listening for a GET request with user and pass parameters at the request URL. Apparently, it doesn’t have one.

Comment posted by green coder

I did the same url in postman with a post request but it does not work either

Comment posted by darkhouse

does the for have an action?

Comment posted by green coder

No it doesn’t. I didn’t know that a form can not have an action and still post till today

By

Leave a Reply

Your email address will not be published. Required fields are marked *