Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

htaccess & variables POST

8:47 pm on Nov 20, 2013 (gmt 0)

New User

joined:Nov 20, 2013
posts: 10
votes: 0


I have a problem with a _POST variables which is empty after URL rewriting and redirection.


<form name="myform" id="contactForm" action="http://example.com/sendcontact.php" method="post">

<article class="span6">
<textarea id="msg" rows="3" cols="40" name="message" placeholder="Message">Détails</textarea>

<article class="span6">
<input type="text" name="adresse" id="adresse">
<input size="100" type="text" name="name" id="name" placeholder="Nom">
<input type="text" size="30" id="email" name="email" placeholder="Adresse e-mail">
<button type="submit" name="submit" id="submit" class="btn btn-renova-alt add-top-half">Send message</button>


if($adresse != "" ){

$to = "daniel@example.com";
$subject = "Email from";
$name_field = stripslashes($_POST['name']);
$email_field = stripslashes($_POST['email']);
$message = stripslashes($_POST['message']);
$body = "<html>\n";
$body .= "<body style=\"font-family:Verdana, Verdana, Geneva, sans-serif; font-size:12px; color:#666666;\">\n";
$body .= "From: $name_field <br/> E-Mail: $email_field <br/> Message: <br/> $message";
$body .= "</body>\n";
$body .= "</html>\n";

$headers = 'MIME-Version: 1.0' . "\n";
$headers .= 'Content-type: text/html; charset=utf-8' . "\n";
$headers .= 'Reply-to: '.$name_field. '<'.$email_field.'>' . "\n" ;
$headers .= 'Return-path: '.$name_field. '<'.$email_field.'>' . "\n" ;
$headers .= 'From: MGS < contact@example.com >' . "\r\n";
$name_field = stripslashes($name_field);
$message = stripslashes($message);
mail($to, $subject, $body, $headers);
echo "Failure!";


RewriteEngine on
#RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
#RewriteCond %{HTTP_HOST} ^www\.example\.com$
#RewriteRule ^/?$ "https\:\/\/www\.example\.com\/" [R=301,L]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ [example.com...] [R,L]

The URL is rewritten correctly but I get an empty value for my POST variable.
PS: I don't get none past variables by the form

Do you have a solution to this?
thank you
10:52 pm on Nov 20, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month

joined:Apr 9, 2011
votes: 244

Last things first: Have you got two different canonicalization redirects from two different sources? In a redirect target (whether by mod_alias or mod_rewrite) you never, ever need to \ escape anything. The R default is 302 temporary, so always say R=301 unless you specifically want it to be a 302.

Any conditions involving protocol and/or hostname should be negative, for example

The idea is to say "If the request is anything other than the form I want..." If your site is mixed http and https, you'll need two rulesets, one each way.

Now then: The bad news is that the problem is not in the rules themselves. The problem is in the act of redirecting. The http(s) standard has special rules about redirecting POST requests

:: shuffling papers ::

If the 301 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.
When automatically redirecting a POST request after receiving a 301 status code, some existing HTTP/1.0 user agents will erroneously change it into a GET request.

The prose for 302 is even worse.

The good news is that this is a non-problem, because legitimate requests will never be redirected. The page that holds the form should point it to the correct URL. (The same, of course, applies to any internal link. But the ones involving POST can really enforce the rule.)

Incidentally, I was told by someone hereabouts that the all-encompassing form for ensuring a non-empty variable in php is

This covers you both ways, whether the variable is undefined or its value is zero/null.
11:35 pm on Nov 20, 2013 (gmt 0)

Moderator from GB 

WebmasterWorld Administrator 5+ Year Member Top Contributors Of The Month

joined:Apr 30, 2008
votes: 142

I have seen this done (redirecting POST with POST variables), but not within .htaccess.

What I have seen is cases where POST request actually gets to the script. Then this script does redirection, turning POST variables to GET variables (and at that stage the script can also drop unnecessary variables) and the "Location" in headers would be GET with the URL that contains variables sent originally by POST request. In this case your script should be expecting to get variables either in the POST or GET array. This should not be used if the data sent in POST variables is sensitive.

Second way I have seen this done is again via the script being posted to, where the script upon receiving POST request, stores variables into cookie and the headers returned would be redirect headers as well as set cookie headers. In this case your script should be expecting to get variables either in the POST array or from the cookie.

Your particular example

However, in the particular case from your example above (where you are redirecting to https), then it seems to me that you are posting to the wrong URL (http). So fixing your internal POST target to make sure you specify absolute URL with https should suffice.

This is because POST is executed from within your web pages. If the URL link was somewhere else, or typed into address bar, browser would execute GET and not POST.

So (unless you use some kind of a request builder development tool to test), the only way to execute POST with variables is by posting within your script. Get it right in your script and you will never need to redirect POST with variables set.

Which is in fact what Lucy24 has told you above:
The good news is that this is a non-problem, because legitimate requests will never be redirected. The page that holds the form should point it to the correct URL.

There is one way how the POST that would need to be redirected to https could get from the outside to your site - which would be from another site that has form built and executes POST to your website. If you allow this, you should ask your partners (other sites) to post to the correct fully qualified URL - again as Lucy's quote says.
2:06 am on Nov 21, 2013 (gmt 0)

New User

joined:Nov 20, 2013
posts: 10
votes: 0

Thank you very much lucy24 & aakk9999
Thank you so much for all your help I really appreciate it , it's been two days that I look for a solution to that and thanks to you my problem is solved and my form works properly with the recuperation of _POST, Thank you so much really you saved my life .
Very good communication, helpful and quick support. I was able to find the right solution by the answer you provided. Short in words, 10 stars out of 10. Thanks & Best Regards!