g1power Posted March 24, 2010

How are you doing guys, I am working on an idea and I want to select a specific database based on the link the user selects, i.e.: Index page... user selects a course from a list of courses... course 1, course 2 etc. (each course a separate database). The link would then take the user to a new page that would build a series of links from a table in the selected database... study area 1, study area 2 etc.

I can pass the name of the database associated with the link using <a href="test.php?name=maintest">Study this subject</a> but then the name of the database appears in the URL and that doesn't seem very secure to me. Is there a more secure way of doing this or am I barking up the wrong tree?

Thanks for any help you can give me.
PFMaBiSmAd Posted March 24, 2010

All external data cannot be trusted and must be validated to make sure it only contains expected values, and in your proposed scheme you would need to validate that the entered database/table name was one that the current visitor has permissions to use (i.e. so that a general user cannot specify your 'user' database/table name and dump all the usernames/passwords/email addresses...).

As to your proposed scheme, you should be using a single database to hold all data that your project uses. In general, all same type/structure data that only differs in the value it contains should be in one single table within your database. The values that your user enters should only determine which row(s) are selected, not which databases or tables are operated on. You will find that this results in the simplest code and the fastest operation.
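The single-database layout recommended in the answer above, as an added example that is not part of the original thread: the link carries a numeric course id (e.g. test.php?id=1) that only selects rows, is validated as an integer, and is checked against the visitor's permissions. The table names, column names, the `studyAreasFor` helper and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE courses (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');
$pdo->exec('CREATE TABLE study_areas (id INTEGER PRIMARY KEY, course_id INTEGER NOT NULL, title TEXT NOT NULL)');
$pdo->exec('CREATE TABLE enrolments (user_id INTEGER NOT NULL, course_id INTEGER NOT NULL)');
$pdo->exec("INSERT INTO courses VALUES (1, 'Course 1'), (2, 'Course 2')");
$pdo->exec("INSERT INTO study_areas VALUES (1, 1, 'Study area 1'), (2, 1, 'Study area 2'), (3, 2, 'Study area 1')");
$pdo->exec('INSERT INTO enrolments VALUES (10, 1)'); // user 10 may only see course 1

/**
 * Return the study areas of one course, or null if the request is invalid
 * or the user is not allowed to see that course (hypothetical helper).
 */
function studyAreasFor(PDO $pdo, int $userId, $rawCourseId): ?array
{
    // Accept only a positive integer; anything else is rejected outright.
    $courseId = filter_var($rawCourseId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($courseId === false) {
        return null;
    }
    // Permission check: the id is bound as a value, never concatenated into SQL.
    $stmt = $pdo->prepare('SELECT 1 FROM enrolments WHERE user_id = ? AND course_id = ?');
    $stmt->execute([$userId, $courseId]);
    if ($stmt->fetchColumn() === false) {
        return null;
    }
    // The user-supplied value only decides which rows are selected.
    $stmt = $pdo->prepare('SELECT title FROM study_areas WHERE course_id = ? ORDER BY id');
    $stmt->execute([$courseId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// In test.php the raw value would be $_GET['id'] and the user id would come from the session.
$userId = 10;
foreach (['1', '2', 'maintest', '1 OR 1=1'] as $raw) {
    $areas = studyAreasFor($pdo, $userId, $raw);
    echo str_pad($raw, 10), ' => ', $areas === null ? 'rejected' : implode(', ', $areas), PHP_EOL;
}
```

Seeing the id in the URL is harmless here: a request for a course the user is not enrolled in, or for anything that is not an integer, is rejected before any course data is read.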