~n[EO]n~ Posted October 9, 2007 Share Posted October 9, 2007 i am passing value like this <a href="contacts.php?frompage=Classic" class="bottom_link">Contact Us</a> and when the contact page opens, the id is showed in the url http://localhost/mysite/english/contacts.php?frompage=Classic I am saving this value "Classic" in the db, but if the user changes this value (for e.g. "other") , other saves in the DB. Is there any way of preventing this ??? P.S : Don't say ModRewrite, for this we must have control of apache httpd.conf file (tell me if i am wrong) Thanks... Quote Link to comment Share on other sites More sharing options...
Aureole Posted October 9, 2007 Share Posted October 9, 2007 <?php if($_GET['frompage'] == 'Classic') { // Query DB, insert... } else { echo('No shenanigans or tomfoolery allowed'); } ?> Quote Link to comment Share on other sites More sharing options...
~n[EO]n~ Posted October 9, 2007 Author Share Posted October 9, 2007 hmmmm.... you are not getting what i am asking, i am not having problem in saving the value in the database. The problem is that if the user alters the value in address bar , then the alter value saves. Do you get me now ??? How do sites like yahoo and hotmail and even google makes the value long in the address bar like this ShowLetter?MsgId=1610_8130895_110061_1823_7041573_0_409_9182178_545601866 hope u get me now Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted October 9, 2007 Share Posted October 9, 2007 encoding, and encryption i believe, SHA1 I think is used by Hotmail. Although hotmail(microsoft) use their own dam painful language, ASP. <?php $page = "Classic"; $page_encrypted = sha1($page); ?> <form id="link" method="post" name="link" action="contacts.php?frompage=<?=$page_encrypted ?>"> <input type="hidden" name="pageencrypted" value="<?=$page_encrypted ?>"> </form> <a href="javascript:document.link.submit();" class="bottom_link">Contact Us</a> then on the next page: <?php if($_GET['pageencrypted'] == sha1('Classic')) { // Query DB, insert... } else { echo('No shenanigans or tomfoolery allowed'); } I dunno, something like that, just throwing ideas around. Regards ACE Quote Link to comment Share on other sites More sharing options...
Aureole Posted October 9, 2007 Share Posted October 9, 2007 Yes my method would stop it from saving if they alter the value... <?php if($_GET['frompage'] == 'Classic') { // Query DB, insert... } else { echo('No shenanigans or tomfoolery allowed'); } ?> If you have more than one value that frompage can be then you could use something like this: <?php if($_GET['frompage'] == 'Classic') { $query_ok =1; elseif($_GET['frompage'] == 'Another') { $query_ok = 1; elseif($_GET['frompage'] == 'Something') { $query_ok = 1; } else { $query_ok = 0; } if($query_ok == 1) { // Code here to query the db } else { die('Invalid frompage parameter...'); exit; } ?> D'you get me? Quote Link to comment Share on other sites More sharing options...
~n[EO]n~ Posted October 9, 2007 Author Share Posted October 9, 2007 @Aureole Your solution i tried, but it will show the error message when the user alters the value in the address bar. It is not a good solution, cause i have included menu and the header by getting this value, so if there is a error in value the menu will not show and I get a php error "file not found" type. hope u get me @ MasterACE14 How am i suppose to encode it any help. And one more question Can i get the exact value after i decode it ? For e.g. encoding Classic will be suppose "0a3df343sdf3f43fsdfdsf343434" and in $_GET how will i get the value classic ??? Quote Link to comment Share on other sites More sharing options...
Aureole Posted October 9, 2007 Share Posted October 9, 2007 Encode it with base64 then it's possible to decode it again. Quote Link to comment Share on other sites More sharing options...
hungryOrb Posted October 9, 2007 Share Posted October 9, 2007 n~ link=topic=162661.msg712608#msg712608 date=1191921078] @Aureole Your solution i tried, but it will show the error message when the user alters the value in the address bar. It is not a good solution, cause i have included menu and the header by getting this value, so if there is a error in value the menu will not show and I get a php error "file not found" type. hope u get me @ MasterACE14 How am i suppose to encode it any help. And one more question Can i get the exact value after i decode it ? For e.g. encoding Classic will be suppose "0a3df343sdf3f43fsdfdsf343434" and in $_GET how will i get the value classic ??? When trying Aure's solution, you did change your methods to GET right? Quote Link to comment Share on other sites More sharing options...
~n[EO]n~ Posted October 9, 2007 Author Share Posted October 9, 2007 No i didn't changed to GET i used this <?php $mypage=$_REQUEST['frompage']; $_SESSION['currpage'] = $mypage; $mynewpage = $_SESSION['currpage']; if ($mypage=='Classic') { include("../includes/header_classic_en.php"); } elseif ($mypage=='Business') { include("../includes/header_business_en.php"); } elseif ($mypage=='VIP') { include("../includes/header_vip_en.php"); } ?> is there any difference using $_GET and $_REQUEST hungryORB Quote Link to comment Share on other sites More sharing options...
hungryOrb Posted October 9, 2007 Share Posted October 9, 2007 n~ link=topic=162661.msg712648#msg712648 date=1191924715] No i didn't changed to GET i used this <?php $mypage=$_REQUEST['frompage']; $_SESSION['currpage'] = $mypage; $mynewpage = $_SESSION['currpage']; if ($mypage=='Classic') { include("../includes/header_classic_en.php"); } elseif ($mypage=='Business') { include("../includes/header_business_en.php"); } elseif ($mypage=='VIP') { include("../includes/header_vip_en.php"); } ?> is there any difference using $_GET and $_REQUEST hungryORB I thought there was, but the comparison i know is $_GET or $_POST. Where GET will not put the value (to be passed) in your URL.. Quote Link to comment Share on other sites More sharing options...
haaglin Posted October 9, 2007 Share Posted October 9, 2007 n~ link=topic=162661.msg712573#msg712573 date=1191915512] P.S : Don't say ModRewrite, for this we must have control of apache httpd.conf file (tell me if i am wrong) I'm not saying you should use ModRewrite in this case, but you can do this with .htaccess. You dont need to edit httpd.conf.. Here is a very usefull cheat sheet. http://www.ilovejackdaniels.com/mod_rewrite_cheat_sheet.png Quote Link to comment Share on other sites More sharing options...
![~n[EO]n~](data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%201024%201024%22%20style%3D%22background%3A%23c46270%22%3E%3Cg%3E%3Ctext%20text-anchor%3D%22middle%22%20dy%3D%22.35em%22%20x%3D%22512%22%20y%3D%22512%22%20fill%3D%22%23ffffff%22%20font-size%3D%22700%22%20font-family%3D%22-apple-system%2C%20BlinkMacSystemFont%2C%20Roboto%2C%20Helvetica%2C%20Arial%2C%20sans-serif%22%3E~%3C%2Ftext%3E%3C%2Fg%3E%3C%2Fsvg%3E)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.