hlstriker Posted May 1, 2007
Hi, I read somewhere that when passing a variable through a link it makes the site insecure. Is this true? If it is, how do I make it secure? Also, can people list other security breaches that a newbie should know, and the fixes, please?

twooton Posted May 1, 2007
What they mean is that when you're passing variables through a link, the user can see your variables. So if you had www.foo.com/index.php?username=bob&password=test, users would be able to see the variables and their values. If you use a POST method instead of GET (<form action="?" method="post">), your variables are "hidden" and do not appear in the link.

genericnumber1 Posted May 1, 2007
There's an even bigger risk of them/whoever is with them seeing the values they submitted. Their browser will pass along the URL of the linking page in the "referrer"(sic) header and the other website can see the info in the URL.

hlstriker (Author) Posted May 1, 2007
Oh, I heard that people could enter a website in the spot the id is supposed to go, and then they could run scripts on my site or something?

john010117 Posted May 1, 2007
Instead of using links, make a simple form and pass the variables with the POST method instead. Ex:

<form action="link.php" method="POST">
...Form code goes here...
</form>

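Added example, not written by any poster in this thread: values from a link (GET) and from a form (POST) are both chosen by the client, so the server checks the id before using it either way. The function names, page names and file paths are hypothetical, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Added example. The page names and file paths below are hypothetical.
const PAGES = [
    'news'    => 'pages/news.php',
    'profile' => 'pages/profile.php',
];

/** Return a positive integer id, or null for any other input. */
function parse_numeric_id($raw): ?int
{
    if (!is_string($raw)) {          // ?id[]=1 arrives as an array
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Map a requested page name to a file on the allowlist, or null. */
function resolve_page($raw): ?string
{
    // The request value is only ever used as a lookup key, never as a path
    // or URL, so a value such as "http://..." cannot reach include/require.
    return is_string($raw) && array_key_exists($raw, PAGES) ? PAGES[$raw] : null;
}

// Constructed sample inputs, as they could arrive in $_GET['id'] or $_POST['id'].
$samples = ['42', 'news', 'http://example.com/page.txt', '-3', '', ['1']];

foreach ($samples as $raw) {
    $shown = is_array($raw) ? 'array' : $raw;
    $id    = parse_numeric_id($raw);
    $page  = resolve_page($raw);
    // htmlspecialchars() encodes the value before it is echoed back.
    printf(
        "%-30s id=%-5s page=%s\n",
        htmlspecialchars($shown, ENT_QUOTES, 'UTF-8'),
        $id === null ? 'null' : (string) $id,
        $page ?? 'null'
    );
}
```

A request handler would answer with a 400 response when the function it relies on returns null, and would pass only the returned allowlisted path to require.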