Posted 28 June 2006 - 05:25 PM
Now you don't want fred to be able to log on and put in say, page.php?user=joe and load joe's information. So is it possible to have a kind of secure Querystring where the whole querystring is encrypted and fred isn't able to tweak around with the values to hack into other people's information?
As you can see, I did some web searching and apparently ASP.net can do this.
http://www.dotnetjunkies.com/HowTo/99201486-ACFD-4607-A0CC-99E75836DC72.dcik
I would be quite surprised if the same doesn't exist for PHP.
If not, what is a good way to pass variables to web pages in a secure manner?
Posted 28 June 2006 - 05:47 PM
Posted 28 June 2006 - 06:47 PM
Posted 28 June 2006 - 06:51 PM
$_username = $_GET['username'];
SELECT * FROM $user_table WHERE username = '$_username'
Now you may go so far as to add a second column to the table such as username_crypt that when the user registers stores the MD5 hash of their username. That way you can have both a hash username and normal one. Recognize that you can't undo the hash (to my knowledge) so you'll be comparing the hash in the URL to one in the database that was generated prior using the username string. Check out
http://us2.php.net/manual/en/function.md5.php
to read more on the matter, but it would be something like this...
$_hash = md5($string);
What exactly are you trying to do? Because a list of links that each has a username at the end seems like a poor way to implement a user profile system. Sessions would be better because at the beginning of a script you can check the session for the user id then work from there. So instead of a url with a passed param like ?username=joe, you would just have the script file, profile.php.
Posted 28 June 2006 - 07:05 PM
However, within the family there are numerous children and parents/guardians. On the "edit parent details" screen, you have a list of registered parents and the user can click on a parent from a dynamically generated list from the DB and then go to another page that allows him to change the information for that particular parent.
So that's why I need the querystring variable, because it's the only way to send data dynamically; session variables and other things like that require you to know what you need to send beforehand, not after the generation of a list from a database.
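An added example, not written by any poster in this thread, for the "edit parent details" case described above: the id can stay in the query string as long as the server checks it against the logged-in session. The `parents` table, its `family_id` column, `LINK_KEY` and the sample rows are assumptions made for illustration, and it uses PDO with an in-memory SQLite database so it runs on its own.

```php
<?php
// Added example, not code from the thread. Table and column names, the key
// and the sample rows are constructed for illustration.
const LINK_KEY = 'replace-with-random-server-side-secret'; // assumption: stored outside the web root

// Build an edit link whose id is bound to the logged-in family by an HMAC.
function edit_link(int $parentId, int $familyId): string {
    $sig = hash_hmac('sha256', "$familyId:$parentId", LINK_KEY);
    return 'edit_parent.php?' . http_build_query(['id' => $parentId, 'sig' => $sig]);
}

// Constant-time check that this id/sig pair was issued for this family.
function link_is_valid(array $get, int $familyId): bool {
    if (!isset($get['id'], $get['sig']) || !is_string($get['id'])
        || !is_string($get['sig']) || !ctype_digit($get['id'])) {
        return false;
    }
    $expected = hash_hmac('sha256', "$familyId:{$get['id']}", LINK_KEY);
    return hash_equals($expected, $get['sig']);
}

// The authorization check itself: the row must belong to the session's family.
// The id is bound as a parameter, never interpolated into the SQL string.
function load_parent(PDO $db, int $parentId, int $familyId): ?array {
    $stmt = $db->prepare('SELECT id, name FROM parents WHERE id = ? AND family_id = ?');
    $stmt->execute([$parentId, $familyId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed data: family 1 owns parent 10, family 2 owns parent 20.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE parents (id INTEGER PRIMARY KEY, family_id INTEGER, name TEXT)');
$db->exec("INSERT INTO parents VALUES (10, 1, 'Joe'), (20, 2, 'Fred')");

$sessionFamily = 1; // in a real page this comes from $_SESSION after login
parse_str(parse_url(edit_link(10, $sessionFamily), PHP_URL_QUERY), $get);

var_dump(link_is_valid($get, $sessionFamily));               // link as generated
var_dump(load_parent($db, (int) $get['id'], $sessionFamily)); // the family's own row

$get['id'] = '20'; // id edited in the address bar, signature left unchanged
var_dump(link_is_valid($get, $sessionFamily));               // signature check on the edited link
var_dump(load_parent($db, 20, $sessionFamily));               // lookup still filtered by family_id
```

The signature only detects edited links; the `family_id` condition in the query is what keeps one family from loading another family's row, and it works even without the signature.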
Posted 28 June 2006 - 07:30 PM