hiding passed variable in the Address bar


watthehell

Hi all...

When I pass values from the link like this

echo "<a href=\"reservation.php?myseldate=1".'-'.$month_curr.'-'.$year_curr."\">Click here</a>";

then in the address bar it shows

 

http://localhost/pankopat/reservation.php?myseldate=1-9-2007

 

If the user alters the value of the date and changes 1-9-2007 to 2-9-2007 (or any other thing), then that value gets saved in the database.

Is it possible to hide this value in the address bar or make it uneditable?

Thanks a lot.

Hi,

 

You are using the GET form method. This is a security risk when you are injecting data into a database from the user input URL.

Consider using the POST form method.

Your form will look like:

 

<form method="post" action="formhandledurl">

<input type="text" name="field1">

<input type="text" name="field2">

<input type="submit" value="Submit">

</form>

 

You may also use a hidden form field like this:

<input type="hidden" name="hiddenfield" value="hiddenfieldvalue">

 

Researching POST and hidden form fields will surely help you. Also try to learn about input filtering.

Thanks for your reply.

I haven't passed these variables from a form; I am passing them through a normal link like this

<?php echo "<a href=\"reservation.php?myseldate=1".'-'.$month_curr.'-'.$year_curr."\" onMouseOver=\"ajax_showTooltip('view_reservation.php?myseldate=1".'-'.$month_curr.'-'.$year_curr."',this);return false\" onmouseout=\"ajax_hideTooltip();\" class=".$date_class.">1</a>"; ?>

I just want to know whether I can hide that variable name in the address bar or not.

Thanks

You can't hide it in the address bar. You can't restrict the user from typing whatever he/she wants in their browser. You need to control the logical flow by using a different and secure mechanism. Some sort of input filter may help you.
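
One way to make an edited date detectable on the server, as an added example that is not part of the original thread: the link carries an HMAC of the date, and reservation.php rejects any request whose date no longer matches it or is not a real calendar date. `SECRET_KEY`, `sign_date()`, `parse_signed_date()` and the `sig` parameter are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. SECRET_KEY, sign_date() and
// parse_signed_date() are hypothetical names; load a real key from config.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';

// Build the query string for a calendar link: the date plus an HMAC over it.
// Pass the result through htmlspecialchars() when echoing it into an href.
function sign_date(int $day, int $month, int $year): string
{
    $date = "$day-$month-$year";
    $sig  = hash_hmac('sha256', $date, SECRET_KEY);
    return http_build_query(['myseldate' => $date, 'sig' => $sig]);
}

// Return the date as Y-m-d if the request is untampered and valid, else null.
function parse_signed_date(array $get): ?string
{
    $date = $get['myseldate'] ?? '';
    $sig  = $get['sig'] ?? '';
    if (!is_string($date) || !is_string($sig)) {
        return null;                          // e.g. myseldate[]=x arrays
    }
    // Constant-time comparison; fails if the user edited the date in the URL.
    if (!hash_equals(hash_hmac('sha256', $date, SECRET_KEY), $sig)) {
        return null;
    }
    // Validate the format and the calendar date even when the signature is good.
    if (!preg_match('/^(\d{1,2})-(\d{1,2})-(\d{4})$/D', $date, $m)
        || !checkdate((int)$m[2], (int)$m[1], (int)$m[3])) {
        return null;
    }
    return sprintf('%04d-%02d-%02d', $m[3], $m[2], $m[1]);
}

// Constructed demo: one genuine link and the same link with the day edited.
parse_str(sign_date(1, 9, 2007), $genuine);
$tampered = ['myseldate' => '2-9-2007'] + $genuine;   // sig still covers 1-9-2007

var_dump(parse_signed_date($genuine));
var_dump(parse_signed_date($tampered));
```

In reservation.php, call `parse_signed_date($_GET)` and write to the database, through a prepared statement, only when it returns a date. The signature only proves the server issued that link, so any rule about which dates a given user may reserve still has to be checked server-side.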

Archived

This topic is now archived and is closed to further replies.
