passing id through link help...

[~n[EO]n~]

i am passing value like this

 

<a href="contacts.php?frompage=Classic" class="bottom_link">Contact Us</a>

 

and when the contact page opens, the id is showed in the url

http://localhost/mysite/english/contacts.php?frompage=Classic

 

I am saving this value "Classic" in the db, but if the user changes this value (for e.g. "other") , other saves in the DB.

 

Is there any way of preventing this ???

 

P.S : Don't say ModRewrite, for this we must have control of apache httpd.conf file (tell me if i am wrong)

 

Thanks...

[Aureole]

<?php
if($_GET['frompage'] == 'Classic') {
    // Query DB, insert...
} else {
    echo('No shenanigans or tomfoolery allowed');
}
?>

[~n[EO]n~]

hmmmm....

you are not getting what i am asking, i am not having problem in saving the value in the database. The problem is that if the user alters the value in address bar , then the alter value saves.

 

Do you get me now ???

 

How do sites like yahoo and hotmail and even google makes the value long in the address bar like this

 

ShowLetter?MsgId=1610_8130895_110061_1823_7041573_0_409_9182178_545601866

 

hope u get me now

[MasterACE14]

encoding, and encryption i believe, SHA1 I think is used by Hotmail. Although hotmail(microsoft) use their own dam painful language, ASP.

 

<?php
$page = "Classic";
$page_encrypted = sha1($page);
?>

<form id="link" method="post" name="link" action="contacts.php?frompage=<?=$page_encrypted ?>">
<input type="hidden" name="pageencrypted" value="<?=$page_encrypted ?>">
</form>


<a href="javascript:document.link.submit();" class="bottom_link">Contact Us</a>

 

then on the next page:

<?php
if($_GET['pageencrypted'] == sha1('Classic')) {
    // Query DB, insert...
} else {
    echo('No shenanigans or tomfoolery allowed');
}

 

I dunno, something like that, just throwing ideas around.

 

Regards ACE

 

[Aureole]

Yes my method would stop it from saving if they alter the value...

 

<?php
if($_GET['frompage'] == 'Classic') {
    // Query DB, insert...
} else {
    echo('No shenanigans or tomfoolery allowed');
}
?>

 

If you have more than one value that frompage can be then you could use something like this:

 

<?php
if($_GET['frompage'] == 'Classic') {
    $query_ok =1;
elseif($_GET['frompage'] == 'Another') {
    $query_ok = 1;
elseif($_GET['frompage'] == 'Something') {
    $query_ok = 1;
}
else {
    $query_ok = 0;
}
if($query_ok == 1) {
// Code here to query the db
}
else {
    die('Invalid frompage parameter...');
    exit;
}
?>

 

D'you get me?

[~n[EO]n~]

@Aureole

 

Your solution i tried, but it will show the error message when the user alters the value in the address bar. It is not a good solution, cause i have included menu and the header by getting this value, so if there is a error in value the menu will not show and I get a php error "file not found" type. hope u get me

 

@ MasterACE14

 

How am i suppose to encode it any help. And one more question Can i get the exact value after i decode it ?

For e.g. encoding Classic will be suppose "0a3df343sdf3f43fsdfdsf343434" and in $_GET how will i get the value classic ???

 

 

[Aureole]

Encode it with base64 then it's possible to decode it again.

[hungryOrb]

n~ link=topic=162661.msg712608#msg712608 date=1191921078]

@Aureole

 

Your solution i tried, but it will show the error message when the user alters the value in the address bar. It is not a good solution, cause i have included menu and the header by getting this value, so if there is a error in value the menu will not show and I get a php error "file not found" type. hope u get me

 

@ MasterACE14

 

How am i suppose to encode it any help. And one more question Can i get the exact value after i decode it ?

For e.g. encoding Classic will be suppose "0a3df343sdf3f43fsdfdsf343434" and in $_GET how will i get the value classic ???

 

 

 

When trying Aure's solution, you did change your methods to GET right?

[~n[EO]n~]

No i didn't changed to GET i used this

 

<?php $mypage=$_REQUEST['frompage'];
$_SESSION['currpage'] = $mypage;
$mynewpage = $_SESSION['currpage'];

if ($mypage=='Classic') 
  {
 include("../includes/header_classic_en.php"); 
  }
  elseif ($mypage=='Business')
  {
  include("../includes/header_business_en.php");
  }
  elseif ($mypage=='VIP')
  {
  include("../includes/header_vip_en.php");
  }
	?>

 

is there any difference using $_GET and $_REQUEST hungryORB

[hungryOrb]

n~ link=topic=162661.msg712648#msg712648 date=1191924715]

No i didn't changed to GET i used this

 

<?php $mypage=$_REQUEST['frompage'];
$_SESSION['currpage'] = $mypage;
$mynewpage = $_SESSION['currpage'];

if ($mypage=='Classic') 
  {
 include("../includes/header_classic_en.php"); 
  }
  elseif ($mypage=='Business')
  {
  include("../includes/header_business_en.php");
  }
  elseif ($mypage=='VIP')
  {
  include("../includes/header_vip_en.php");
  }
	?>

 

is there any difference using $_GET and $_REQUEST hungryORB

 

I thought there was, but the comparison i know is $_GET or $_POST. Where GET will not put the value (to be passed) in your URL..

[haaglin]

n~ link=topic=162661.msg712573#msg712573 date=1191915512]

P.S : Don't say ModRewrite, for this we must have control of apache httpd.conf file (tell me if i am wrong)

 

I'm not saying you should use ModRewrite in this case, but you can do this with .htaccess.

You dont need to edit httpd.conf..

 

Here is a very usefull cheat sheet.

http://www.ilovejackdaniels.com/mod_rewrite_cheat_sheet.png