Jump to content

Archived

This topic is now archived and is closed to further replies.

anm8ed

Need help with ideas on how to show a label and not a number on output.

Recommended Posts

First off,  Hello... and thanks for any help!

I am working on a piece of reporting that I want to show the label as a name, but for security purposes it shows as a number in the url. Each number is tied to a label. A form shows the label and that is what a user chooses from. A site traffic report pulls information on what is searched based on the URL of the web page. So it's something like this..

http://test.mysite.com/std_alp.php?prod_lvl1=7&prod_lvl2=361&prod_lvl3=363&search_text=&new_search=1

Just an example, but it's something like that... so the prod_lvl1=7, so the tracking reports a 7 as the product. But what I want it to do is show the label of 7 and not the number. The label is in the source of the page, I just am not sure how to get that to show instead since it pulls from the URL. Can anyone help me with this? By the way there are a hundreds of variables at work on this page.

Thanks for anything you can do to help me with this. I am pretty new to PHP and this seems to be out of my grasp.

Share this post


Link to post
Share on other sites
these values, ?prod_lvl1=7, etc. are called a query string.  These are created by submitting a form using the GET method.  So on your page, you'll see something like this to start your form:
[code]
<form name="myform" action="thispage.php" method="get">
[/code]

dropdown boxes and radio buttons have values, the info that is acually sent, and text, the info that is seen on screen.  So for example, a radio button might look like
[code]
<input type="radio" name="radiogroup" value="5">the fifth choice<br>
[/code]
you could change the values to be the same as text, but spaces are not allowed when using the GET method. 
Also, your page is set up to receive the numbers, not the text, and everything would have to be rewritten changing all the code that checks for numbers to check for text.
You could change the method to POST, and there won't be any ?'s after the URL.  You'd then need to change all the $_GET's to $_POST's on the receiving end. 

Finally, since your form must contain all the possible options for these submitted fields, the user has access to all this information, and whether it is a code or a label shouldn't really affect the security of the site.  Unless of course, someone has already found a way to get into your database and manipulate data.  If that's the case, well you've already got another problem.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.