开发者

Iframe with $_POST issue (PHP)

开发者 https://www.devze.com 2023-04-06 09:26 出处:网络
A few months ago I build a quiz-application for one of my customers. The visitors have to answer a number of question with ‘yes’ or ‘no’. The first screen will provide the first question, after cl

A few months ago I build a quiz-application for one of my customers. The visitors have to answer a number of question with ‘yes’ or ‘no’. The first screen will provide the first question, after clicking the button yes or no the visitor will be redirected to question two etcetera. After answering all the questions they get a result based on the answers they gave.

The application is integrated in the website of the customer by iframe. The URL of the first question is like http://www.domainname.com/quiz/1/. When visiting this page, PHP will generate an ID, to identify th开发者_如何学运维e session of the visitor. After answering question 1, this ID will be added to the URL. The URL of the following questions is like http://www.domainname.com/quiz/2/wgbew9rbger9o/.

After answering a question, the answer will be stored in the database-record corresponding with the ID in the URL. The answer of a question is submitted by $_POST. It’s impossible to visit by example question 6 when you didn’t answer the previous 5 questions, PHP will redirect the visitor to the last answered question.

The application is working fine, however, my customer is complaining about a few visitors that can’t get passed the first question. They can answer the question, so their answer is posted to the server, but somehow, the $_POST-data get stuck somewhere and PHP thinks ‘This customer didn’t answer question 1, so I have to send him to question 1’.

This problem is only detected by some visitors and I tried everything but I can’t reproduce the error. It’s hard to fix a problem if you can’t reproduce it…

Are there some known problems with iframe’s and posting data or something?


When you say "PHP will generate an ID", you may be talking about PHP sessions and the PHP session ID.

By default, PHP sessions utilize cookies in the browser to maintain the session. It seems like you are relying on this feature.

If a user loses their session because they do not have cookies enabled, they will lose their progress.

You can have PHP add the session ID to your URL automatically and thereby eliminate the need for cookies by using the PHP setting:

session.use_cookies = 0

Otherwise, ensure that the visitors have cookies enabled.


We use iframes, POST and php all the time at our company. I'm not aware of a particular problem for this setup. I suggest you look elsewhere for problems because iframes and post are pretty basic, standard stuff.

Also, php doesn't loose POST data and still continue to process the request. I'm guessing that what really happening is the request can't really reach the server (network connection problems) or server couldn't process the request (server configuation problems), answer doesn't get stored in the database, the visitor gets bored and retries thus making a new request (without the answer), visitor is greeted with first question again.

So, where to start? Here is a couple of pointers i can think of:

  1. Ask your customer how often does this happen, does it happen at certain times (for example peak times like morning) or with certain people or with certain browsers or ... you get the idea.
  2. Look at apache's access_log and error_log for HTTP status codes other than 200, php warnings or errors.
  3. Look at mysql's error_log, slow_query_log for errors or warnings.
  4. While you are at it, look at /var/log/messages
  5. Add debugging code to your site for example when the site catches that visitor did not answered first question and redirect him/her to first question, log some data about it to some txt file on disk or to some table in database.

These should shed some light on the nature of the problem you are facing with.


First of all, thanks for both your ideas so far. We did not solve the problem yet, but we do have some new information:

We do not use the php session-id, but create a random string ourself. This string is 255 characters long.

In the apache error logs there are multiple notifications like this:

[Thu Sep 22 08:58:57 2011] [error] [client 212.121.99.2] mod_security: Filtering against POST payload requested but payload is not available [hostname "www.webfrog.nl"] [uri "/application/customer/2/3BF9g3q9fRmqNkrsRakDimjfB46zrKUa3h0a0g96ZmntwEL5FXzN9ITrDGQW7sW1AM2qT1nydBRA6kwr7X6XlF5O2Lq0532lFTCfLQEO8c64nsca58XhuRXnk4e677itGKz9i5Ng7K1a44b03Z7dwJrHEvErjMLQe2PmXjtJUlKEfMk8r82OIjd3FHlOaXlfO1rr1L2MXt726iQegISOSWIfjTUkw7p2OHkG939Wm6E9ecdlLX1lypqI91SmZ8f/"] [unique_id "TnrcsS4RBNQAADTwB7wAAAAF"]

Is it possible that the error above is because some browsers can't handle the 255+ url length in the iframe?

Edit: Logs suggest that many users who have this problem use the combination of IE7 + WinXP

Edit2: Possible solution: we use <button type="submit" name="answer" value="1">Yes</button><button type="submit" name="answer" value="2">No</button> to submit the data. There appears to be a flaw in IE that does not parse the value data, but the innerHTML. Our rerouting script only allows for the values 1 or 2 to be valid, otherwise sends it back to the previous page.

0

精彩评论

暂无评论...
验证码 换一张
取 消