PDA

View Full Version : HTTP POST from Delphi



Robert Kosek
23-12-2005, 02:52 PM
I'm wondering, since a POST was recommended for an online highscores list, how to do this. I know the names of the data I wish to send, the data, but not how to send the POST message to a specific webpage.

Could you help me out?

The data I'd send would be:
Name: String[255]
Score: Integer
Difficulty: Boolean

FNX
23-12-2005, 03:31 PM
Hello, from torry.net:

uses IdMultipartFormData;

{ .... }

procedure TForm1.Button1Click(Sender: TObject);
var
data: TIdMultiPartFormDataStream;
begin
data := TIdMultiPartFormDataStream.Create;
try
{ add the used parameters for the script }
data.AddFormField('param1', 'value1');
data.AddFormField('param2', 'value2');
data.AddFormField('param3', 'value3');

{ Call the Post method of TIdHTTP and read the result into TMemo }
Memo1.Lines.Text := IdHTTP1.Post('http://localhost/script.php', data);
finally
data.Free;
end;
end;



Of course you can do that if you have Indy components installed but
I suppose there are a lot free that behave the same way.

Hope this helps :)

AthenaOfDelphi
23-12-2005, 04:18 PM
Hi Robert,

You can get the indy components from the The Indy Project (http://www.indyproject.org/) if you haven't already got them.

As for an answer, FNX beat me to it, although there is one potential problem when using multipart form data. If the encoding of the request ends up as 'multipart/form-data', then actually extracting the data from the request at the server end can be tricky (largely depends on the language/server that will be receiving the requests).

Whilst the data you want to send could be considered large, the HTTP 1.1 specification specifically states there is no upper limit on the length of URI's, so you do have another option available to you.

Using the Indy HTTP client again (TIDHttp), you could do this....


requestResult := http.get('http://www.yourdomain.com/yourscript.php?name=' +
urlEncode(playername) + '&score=' +
intToStr(playerscore) + '&difficulty=' +
intToStr(integer(playerDifficulty)));


When this call completes, requestResult will contain the HTML that was returned by the server. If you want to look at the response codes, you can do so using the 'responseCode' property of TIDHttp. The advantage of using this is that the data is guaranteed to be easily accessible no matter what is sitting on the server.

The only issue is that the method above uses GET as opposed to POST, but really there is no difference between the two, except a POST is slightly more difficult to simulate without knocking together an HTML form. Neither method on its own will offer any protection against rogue entries, but you can protect it yourself by using the basic authentication mechanisms built into the HTTP protocol.

You could create a random username and a password that forms a one way hash of the username and the data you are sending. These could then be sent with the request like so (ideally, one, or preferably both, of these will be encrypted before you pass them to the HTTP client)...


IDHTTP1.request.username:=requestUsername;
IDHTTP1.request.password:=requestPassword;

requestResult:=IDHTTP1.get(.....);


So long as the server is configured to allow public access to the script (or whatever is processing the request), you can then access these values within the script and establish whether they are legitimate or not.

Just some food for thought.

Robert Kosek
23-12-2005, 04:42 PM
I'm just looking for a way that the casual observer won't notice. ;) If you REALLY want to cheat, go ahead, I'll be checking and watching the numbers. You'll have to be pretty slick.

Besides, what's the fun of cheating to be at the top of the list, when you didn't even WORK for the score? Eh, I don't get some people.


I think I like the GET method better, since it can return HTML. I could then use that as a plain text way of recieving any error/success mesages, then relaying them to the player.

I'll be using PHP on the recieving end and probably encode the sent data via base64. Just conceptualizing here.

I do have Indy, but it's probably not current... it came with my D6 edition and I've not touched it since installing.


Thanks for all the help! :)

cairnswm
24-12-2005, 09:54 AM
Look under the tutorials section for my "Web Live" tutoirial to see how to do it.