[SOLVED] PAssing a string through a URL?

[liamloveslearning]

Hi everyone, this is going to be hard for me to explain as at the moment im in work and dont have my files on me. Anyway what it is; on my on each member profile there is a "message member" submit button where the action takes you to a compose message page; however it doesnt send the data across for the member id and so im just wondering; would this be a POST/GET function? im new to this so trying to understand fully as possible,

 

would my code to pass the member_id over to the form something similiar to

 

action="mail_compose?=member_id"

 

 

Sorry if this is hard to understand, thanks

[garry]

The URL should be something like "something.php?action=composemessage"

 

And then you can get the action in the php by using this "$action = $_GET['action'];"

[Darklink]

You will have to replace member_id with the actual members id.

 

Besides, shouldn't it be something like:

 

action="mail_compose.php?id=143"

[liamloveslearning]

ahh okay thanks guys, im not too sure on what it should be to be honest, im still trying to graspa basic knowledge of it and using google as one of my resources 

can i ask is there a security issue with passing data through the url? as in this instance the member id can easily be changed to redirect you else where cant it?

 

 

[micmania1]

$_GET variabls are passed through thr URL

 

<a href="mail_compose.php?member_id=123">Compose Message</a>

 

To pass $_GET through a form:

<form action="mail_compose.php" method="get">
<input type="hidden" name="member_id" value="123" />
<input type="submit" value="Compose Message" />
</form>

 

There are security issues only if you do not validate the submitted data correctly.

[liamloveslearning]

ahh thanks a lot micmania ill try it soon as im home, my only issue with security is the fact user id's are visible in my url, i read somewhere you can pass it all through forms only im not to sure where to find tutorials on that, thanks again 

[micmania1]

If somebody reads the source, they will still be able to see the user id.

 

As long as you validate everything correctly, they should not be able to use it against you.

 

 

[liamloveslearning]

ahh okay, thanks for that; is it better to get the site working first thn check all the security at the end? or as im working on it?

thanks 

[liamloveslearning]

sorted it, thanks

I needed to filter out my member_profile page asit was caling back session variables instead of GET what was being posted, if that makes sense