Jump to content

Recommended Posts

Well, through out the site, it is used to query the users record. 

 

edit.php?id=14 <---  This would grab  from the users table WHERE user_id = $_GET['id'].  I have it so if a user enters an erroneous number that isn't tied to their client_id, it drops them back a page.

 

 

other.php?id=14&cid=34 <--- This would grab the users complaint record

 

 

That is what I use it for, mainly.

Link to comment
https://forums.phpfreaks.com/topic/225877-urls-and-_get/#findComment-1166125
Share on other sites

I have it so if a user enters an erroneous number that isn't tied to their client_id, it drops them back a page.

 

If you're checking to ensure the id is tied with the current user's account then it should be fine.

 

You may want to sanitize your variable with mysql_real_escape_string or use prepared statements to prevent SQL injections.  That goes for any value that is used in a query that the user can manipulate.

Link to comment
https://forums.phpfreaks.com/topic/225877-urls-and-_get/#findComment-1166127
Share on other sites

if magic quotes is on, you'll get double-slashes without removing them. if magic quotes is on, i stripslashes() first.

 

$urlVal = (isset($_GET['id']))?trim($_GET['id']):'';

if (get_magic_quotes_gpc()) {
$urlVal = stripslashes($urlVal);
}
$urlVal = mysql_real_escape_string($urlVal);

Link to comment
https://forums.phpfreaks.com/topic/225877-urls-and-_get/#findComment-1166170
Share on other sites

Last question.

 

If I wanted the best way to "hide" the ID in the URL, would I encrypt it and then decrypt it on the new page or is there a better way?

 

Basically, I want to have ID=Dj43k;asd890faaklsdf01934jfa in the URL, not ID=12.

 

Suggestions?

Link to comment
https://forums.phpfreaks.com/topic/225877-urls-and-_get/#findComment-1168721
Share on other sites

You could do encryption with mcrypt.

Here's a tutorial http://www.phpro.org/classes/Two-Way-Encryption-With-PHP-Mcrypt.html

And the php manual http://php.net/manual/en/book.mcrypt.php

 

If you don't want to go that far, you could perhaps add a random lot of numbers to the end so it's like

id=4842049262658265620528

That way it looks encrypted. But secretly you just use the 1st 2 numbers

Link to comment
https://forums.phpfreaks.com/topic/225877-urls-and-_get/#findComment-1168753
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.