Software, your way.
How To Get Good Custom Software
(Download)
(PDF)
burger menu icon
WillMaster

WillMaster > LibrarySecurity and Blocking

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

Removing Personally Identifying Information From URLs

A website recently had a problem with Google. The site inadvertently passed personally identifying information when someone clicked on an AdSense ad.

Google was adamant that it must be fixed within a specific deadline.

It turned out that the culprit was a subscription confirmation page.

After their newsletter subscription form was used, the confirmation request email had a link to the confirmation page. So the confirmation page was able to record the confirmation, the subscriber's email address was passed along with the URL.

The link was formatted somewhat like this: 

http://example.com/confirm.php?email=name@example.com

The email address got passed along because AdSense clicks pass the referring URL — parameters and all — to the advertiser.

The solution required several steps:

  1. A script was created for the confirmation request email to link to, instead of linking directly to the confirmation page. The script sends the browser to the confirmation page with method POST containing the email address. Because it's method POST, the email address is no longer attached to the URL.

    In this article, I'll provide a PHP script to do that job.

  2. The confirmation page was updated to process POST data instead of GET data.

    Without the source code, this article can't instruct how to update your page. It may be as simple as replacing $_GET variables with $_POST variables. Or it might be complicated. If you feel overwhelmed, send me a message.

  3. The confirmation request email was updated so it links to the PHP script instead of directly to the confirmation page.

    Updating the template at your emailing service probably will accomplish this for you.

With the solution in place, http://example.com/confirm.php now has no email address attached to it. Which means no personally identifying information is sent along with clicks on AdSense ads.

The PHP Script in Step 1

The PHP script reads any URL parameter information in the URL used to launch the script, and then creates hidden form fields with it. JavaScript submits the form.

With this URL: 

http://example.com/script.php?email=name@example.com

email=name@example.com is the parameter information. The hidden field the script creates with that information is: 

<input type="hidden" name="email" value="name@example.com">

For browsers that don't run JavaScript, a submit button is available to click on for manually completing the process.

Other (JavaScript-enabled) browsers will automatically submit the form. In the event that the website is extremely slow, the submit button will appear after 3 seconds so the user can manually complete the process.

The only customization the PHP script needs is the URL of the confirmation page (or other page) to post to. 

<?php
/* 
    URL Parameters to POST Submission
    Version 1.0
    February 15, 2018

    Will Bontrager Software LLC
    https://www.willmaster.com/
    Copyright 2018 Will Bontrager Software LLC

    This software is provided "AS IS," without 
    any warranty of any kind, without even any 
    implied warranty such as merchantability 
    or fitness for a particular purpose.
    Will Bontrager Software LLC grants 
    you a royalty free license to use or 
    modify this software provided this 
    notice appears on all copies. 
*/
/* *** Customization *** */

$URLtoPOSTto = "https://example.com/confirm.php";

/* *** End of customization *** */

// Create hidden fields from URL parameter data.
$hiddenfields = array();
foreach( $_GET as $k => $v )
{
    $hiddenfields[] = '<input type="hidden" name="' . htmlspecialchars($k) . '" value="' . htmlspecialchars($v) . '">';
}

// Submit the form to the $URLtoPOSTto URL.
$hiddenvalue = implode('',$hiddenfields);
echo <<<AUTOSUBMITFORM
<form 
    id="form-2-submit-as-POST" 
    method="post" 
    enctype="multipart/form-data" 
    action="$URLtoPOSTto">
$hiddenvalue
<div id="sub-button" style="display:block; margin:.5in auto; text-align:center;">
<input type="submit" value="Click here to complete the process.">
</div>
</form>
<script>
document.getElementById("sub-button").style.display="none";
document.getElementById("form-2-submit-as-POST").submit();
function ShowButton() { document.getElementById("sub-button").style.display="block"; }
setTimeout(ShowButton,3000);
</script>
AUTOSUBMITFORM;
?>

One customization:

In the PHP script, below the script identification information, you'll see this line.

$URLtoPOSTto = "https://example.com/confirm.php";

Replace https://example.com/confirm.php with the URL to your confirmation page — or other page you're removing personally identifying information from.

The customization is now done.

Save the PHP script with any name ending with .php, perhaps get2post.php, and upload it to your server. Make a note of its URL.

When the page specified in the customization section can properly process $_POST data, update the confirmation email link to the URL of the PHP script.

You're done. The link in your confirmation request email no longer causes an inadvertent pass of personally identifying information with AdSense clicks.

(This article first appeared with an issue of the Possibilities newsletter.)

Will Bontrager

Was this article helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method

All information in WillMaster Library articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

More "Security and Blocking" Articles

Keeping Image Location Secret

CSS Line-Wrap Control for Textarea Form Fields

Block Spambot Phone/Email Harvesting

Other Recent Articles from the Library

Simple 2-Column Flex Code Generator

Preventing Line Breaks

Easier Reading of JSON Data

Fixed Position Image

Visually Centering Images

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2024 Will Bontrager Software LLC