At 4:51 AM -0800 11/17/10, Don Wieland wrote:
Hello all,

I have recently built a site using PHP. I was a little loose with GET and POST methods because I was using it for personal/private use. Now I am thinking of going public and allow different companies to use the site. I want to secure and hide as much data as possible to guard against user abuse.

I have several instances where I use the GET method to pass IDS. I can use a POST but even that is visible in the source. How does one allow for processing but never really let the user see that actual ID? Do I use a HASH for IDs? Do I need to get more familiar with SESSION VARS.

I am doing some experimenting. Any words of wisdom or resources would be helpful. Thanks!

Don Wieland


Buy: Essential PHP Security by Chris Shiflet

Well worth the money.




PHP General Mailing List (
To unsubscribe, visit:

Reply via email to