
Hide a get php url

I have a dynamic table consisting of all user details and also a link which, on click, directs to another page where we can view specific course detail about a specific user. My problem is that I wish to hide the ID and can't use the POST method as well. Is there any way to hide the URL, or any method to do this?

echo "<td>"  . $lead['lastname'] . "</td>";
echo "<td>" .'<a href="course_complete_sup.php?id='.$row1['userid'].'" class="lien2" value='.$row1['userid'].'/>Course Completed</a>' ."</td>" ;
echo "<td>" .'<a href="course_progress_sup.php?id='.$row1['userid'].'" class="lien2" value='.$row1['userid'].'/>Course Progress</a>' ."</td>" ;
echo 

Thx

Nope, if you use GET, the parameters are going to be visible in the URL. You can try redirecting right away, but that does not really help if security is the issue.

Is there a particular reason you can't use POST? That would really be the way to go if you need to hide that information.

OK, I used the method of regality.

$_SESSION['rand_seed'] = rand(1,100000);

echo "" . $lead['lastname'] . "";

echo "<td>" .'<a href="course_complete_sup.php?id='.md5($row1['userid']).$_SESSION['rand_seed'].'" class="lien2" value='.$row1['userid'].'/>Course Completed</a>' ."</td>" ;

Then, when it directs to the page course_complete_sup.php:

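$ids = $_GET['id'];
$salt = $_SESSION['rand_seed'];
unset($_SESSION['rand_seed']);

// The link value is md5(userid), always 32 hex characters, followed by the session seed.
// Splitting with explode($salt, ...) can cut inside the hash when the seed's digits
// also occur in it, so take the hash and the seed by position instead.
$var1 = substr($ids, 0, 32);

if ($salt < 1 || substr($ids, 32) !== (string) $salt)
{
  header("location: access-denied.php");
  exit; // without this the rest of the page still runs after the redirect header
}

// mysql_* functions were removed in PHP 7; use mysqli or PDO on current PHP.
$id = null;
$encrypt = mysql_query("select distinct(userid) from course_complete");
while ($row = mysql_fetch_array($encrypt))
{
  $r = md5($row['userid']);
  if ($r === $var1) {
    $id = $row['userid'];
  }
}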

And it works!!!!!!!!!!

Thx regality and u all...

Cheersssssss

The only way to prevent the user from seeing the url is by doing everything on the server, which is typically overly complicated and slower. You should redesign your code so that it isn't a security issue for the url to be seen, but if you can't then you would have to send a hash or arbitrary number in the link.

For example, you could create the following link:

'<a href="newaction.php?action='.md5("user_id=" . $row1['userid']).'" class="lien2">Course Progress</a>'

and without knowing anything about your php code, I would suppose you could do something like the following in newaction.php:

<?php
// ... a bunch of code ...
if ($_GET['action'] === md5("user_id=" . $row1['userid'])) {
    course_progress_sup($row1['userid']);
}
// .. a bunch more code ...
?>

I remind you that this is a bad idea, and you should rethink how you are going about this, but you could do something like it if you had to.
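The "arbitrary number" option mentioned in the answer above, as an added example that is not part of the original posts: each link carries a random token that only the current session can map back to a user id, so the value cannot be recomputed from the id the way md5(userid) can. The function names, the `link_tokens` session key and the `t` query parameter are hypothetical.

```php
<?php
// Added example: opaque per-session link tokens instead of md5(userid).
// token_for_user(), user_for_token() and 'link_tokens' are hypothetical names.
session_start();

// Return a random token for $userId, reusing one already issued in this session.
function token_for_user(int $userId): string
{
    $map = $_SESSION['link_tokens'] ?? [];
    $existing = array_search($userId, $map, true);
    if ($existing !== false) {
        return (string) $existing;
    }
    $token = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG, unrelated to the id
    $_SESSION['link_tokens'][$token] = $userId;
    return $token;
}

// Resolve a token from the query string back to a user id, or null if it
// was never issued to this session.
function user_for_token($token): ?int
{
    if (!is_string($token) || !preg_match('/^[0-9a-f]{32}$/', $token)) {
        return null;
    }
    return $_SESSION['link_tokens'][$token] ?? null;
}

// Listing page: the href holds the token, never the id (42 is a constructed sample id).
$token = token_for_user(42);
echo '<td><a href="course_complete_sup.php?t=' . $token
   . '" class="lien2">Course Completed</a></td>' . "\n";

// Target page: look the token up; anything not issued to this session is refused.
$id = user_for_token($token);
if ($id === null) {
    header('Location: access-denied.php');
    exit;
}

// A value computed from the id, such as its md5, does not resolve to anything.
var_dump($id === 42, user_for_token(md5('42')) === null);
```

The token only hides the id. The target page should still check that the logged-in user is allowed to view that user's record.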
