Can I use Server Connect POST without forms?

I have some ‘micro-actions’ for changing statuses for things like student notes and I would much rather not have to have forms for each “Close Note” & “Reopen Note” button in a dropdown sitting in a repeater like below just for a tiny update.

image

A few questions come to mind in how to forego forms.

  1. Can I use a Server Connect route with parameters? And if so, how do I get the route to run as an XHR request? Currently, it navigates away from the current page & goes to the response from the SC action. The current setup I have:
    image
    The whole path: /api/students/notes/closeOpenNote?dir=:dir&date_closed=:date_closed&staff_closed=:staff_closed&id=:id

  2. Should I just add a Server Connect element and use the $_GET variables so I can set the parameters during the SC load action? I know $_GET should be used for retrieving data, not posting, however, this seems to be the easier option.

Any guidance most welcome.
Thanks all,
Michael.

These 3 tutorials may point you in the right direction:

https://docsdev.wappler.io/guides/url-rewriting-with-wappler
https://docsdev.wappler.io/guides/define-url-parameters
https://docsdev.wappler.io/guides/filtering-database-query-with-an-url-parameter

Yes you can use . It will allow you to send data via GET url. But what it should be is to use a form and send data via POST.

Thanks for the links, but I’m not sure if I made clear what I want to do.

I want to click the link with the route, but stay on the same page. At this point in time, it navigates to the following.

Ideally, I’d rather be able to add the input parameters to the server connect element like you can with a pure $_GET API action. E.g.

image

1 Like

I would be interested to know if you can do this also!

Make a minor change to a record without having Post back to server connect but use GET.

I am assuming the change would insert a parameter into the url or can this be done without doing that. Have the parameter update client side and refresh the Server Connect to Get the updated Variable or value?

You cannot use POST variables without forms.
You can use GET variables, and these are being sent as URL params when you are calling the server actions.

You don’t need a direct link to the server action to use GET vars. Just include your server action on the page and set it to no auto load.
On click of your button use dynamic events > click > load server action, there you can pass the parameters you defined for it.
This way you will stay on the same page.

Note that using GET variables this way, you should make sure to secure your server action as the link and parameters can be seen in the dev tools and you don’t want anyone with the link to be able to load it.

2 Likes

Note that using GET variables this way, you should make sure to secure your server action as the link and parameters can be seen in the dev tools and you don’t want anyone with the link to be able to load it.

Could you explain a little more on securing the server action?

Nothing special Steve. Just make sure you are adding the needed logic in your server action to prevent abuse/misuse based on your needs.

1 Like

Is there a particular reason why you don’t want to use forms? I would have thought using POST with forms would usually be preferable in cases like this. There probably wouldn’t be any need or advantage in sending URL parameters using GET.

More of a convenience thing really. Rather than having to create a form, hidden fields etc for every, what I’m calling, microaction, I think that it would be much easier if we were able to just load a SC with input params like we can with GET actions. However, @Teodor has answered my question that this is not possible to do with POST. So if I just add a Security Restrict to my SC I should be grapes.

You should do that independently of the verb used. The technology behind POSTs is not more secure than the one for GETs.
Anyone with malicious intent can fake POST requests.

3 Likes

Not sure I follow with what you mean.

Irrespective of whether you use GET or POST, you have to perform some checks to make sure that the user is authorised/the data being submitted is full/the data is in the right format/the data doesn’t contain anything it shouldn’t etc.

The most common way to handle this is some combination of some/all of
Security Restrict, data validation and queries

The bottom line is you can NEVER trust that the data being sent to your server (POST/GET) is correct and from an authorised source.

4 Likes

Ah, following now. Absolutely agree.

Thank you everyone for your replies and thoughts. :slight_smile: