overlordofevil Posted January 6, 2009 Share Posted January 6, 2009 hey all, I am working on a user interface for a db and it works but the issue I am having is security. The problem I am having is for the user to do anything they have to click on links. The links calls the new function but for the function to work correctly i have to send the id in the url. this is a big issue so i need to fix it. what I am wondering is what would be the best way to either a encrypt the id in the url so it can still be used on the next page or what would be another way to pass the info to the next page? thanks bill Link to comment https://forums.phpfreaks.com/topic/139732-solved-hide-data-in-url/ Share on other sites More sharing options...
flyhoney Posted January 6, 2009 Share Posted January 6, 2009 You could use POST instead of GET (this would require adding javascript to links or using buttons as opposed to links). Using POST requests via AJAX would be pretty 2.0ey. Link to comment https://forums.phpfreaks.com/topic/139732-solved-hide-data-in-url/#findComment-731063 Share on other sites More sharing options...
Maq Posted January 6, 2009 Share Posted January 6, 2009 Why don't you use a session? That way it's hidden and available on whatever page you want. Link to comment https://forums.phpfreaks.com/topic/139732-solved-hide-data-in-url/#findComment-731092 Share on other sites More sharing options...
overlordofevil Posted January 6, 2009 Author Share Posted January 6, 2009 don't know ajax but that6 might work. i do use sessions but I am not sure how well the session data would work. here is part of the code. $query1 = "SELECT * FROM characters where id='$uid' ORDER BY wchar"; $result1 = mysql_query($query1) or die (" Line 2 Query failed due to: ".mysql_error()); while ($row1= mysql_fetch_array($result1)) { extract($row1); echo "<tr><td></td> <td><b>Character's' Name</b></td> <td><b>Class</b></td> <td><b>Race</b></td> <td><b>Subrace</b></td> <td><b>Which Character</b></td></tr>"; echo "<tr><td></td> <td><a href='home.php?action=purchaseskills&cid=$cid'>$cname</a></td> <td>$classname</td> <td>$racename</td> <td>$subrace</td> <td>$wchar</td></tr>"; echo "<tr><td><b>Options</b></td> <td><a href='home.php?action=spiritforge&cid=$cid'>Spirit Forge</a></td> <td><a href='home.php?action=racechange&cid=$cid'>Race Change</a></td> <td><a href='charsheet.php?cid=$cid' target='_blank'>Character Sheet</a></td> <td><a href='home.php?action=xplog&cid=$cid'>XP Log</a></td> <td><a href='home.php?action=deletechar&cid=$cid'>DELETE</a></td></tr>\n"; ok so as you see what happens is it take a list of users and brings up the character info for them. now I can probably change the link to go to a quick script that sets the id as a session variable but other then that I'm not sure how else to do it. Plus since the session variable would need to change often that's the thing I need to figure out how to get it set when the character is selected how to set its id as the session variable. I don't know Javascript but if that or ajax is the best way to do it with out sending the data through the url I may have to look into it. Thanks for the feedback I appreciate it, any other suggestions ? Link to comment https://forums.phpfreaks.com/topic/139732-solved-hide-data-in-url/#findComment-731111 Share on other sites More sharing options...
Gighalen Posted January 6, 2009 Share Posted January 6, 2009 www.w3schools.com Go to PHP and click on "Sessions". Link to comment https://forums.phpfreaks.com/topic/139732-solved-hide-data-in-url/#findComment-731114 Share on other sites More sharing options...
overlordofevil Posted January 6, 2009 Author Share Posted January 6, 2009 thanks for the suggestions. I figure out a way to do it by setting up the links as forms with the id as hidden data. that way instead of links I get buttons now and it makes it a bit more secure. Thanks again Link to comment https://forums.phpfreaks.com/topic/139732-solved-hide-data-in-url/#findComment-731138 Share on other sites More sharing options...
Maq Posted January 6, 2009 Share Posted January 6, 2009 thanks for the suggestions. I figure out a way to do it by setting up the links as forms with the id as hidden data. that way instead of links I get buttons now and it makes it a bit more secure. Thanks again You should never sensitive data through HTTP... You can use hidden fields or sessions to accomplish this. Link to comment https://forums.phpfreaks.com/topic/139732-solved-hide-data-in-url/#findComment-731139 Share on other sites More sharing options...
flyhoney Posted January 6, 2009 Share Posted January 6, 2009 thanks for the suggestions. I figure out a way to do it by setting up the links as forms with the id as hidden data. that way instead of links I get buttons now and it makes it a bit more secure. Thanks again You should never sensitive data through HTTP... You can use hidden fields or sessions to accomplish this. I think you left out a word there. Do you mean "You should never send sensitive data through HTTP"? Because you realize that sessions and forms still use HTTP... Link to comment https://forums.phpfreaks.com/topic/139732-solved-hide-data-in-url/#findComment-731204 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.