Re: [PHP] Re: Post URL ?
Raz wrote: You can put the value in a hidden form field and submit it with JavaScript, but it's still not truly hidden, as it is still sent in a cleartext HTTP request. Not to mention being visible upon viewing the page source... Well, that depends. If it's user input that is added via JavaScript when a link/button is clicked, then it won't be visible in the source. Regardless, though, it's not really any form of security. Jasper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Post URL ?
""Joey"" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > OK I understand the difference between a get & a post but if I just have a > URL/link which is calling a function like so: > > abc.com/display_information?customer_number=$value > > It passes to the display_information the customer number visably, is there a > way to do this where it's not visable? > > Thanks, > > Joey What problem are you trying to solve here? Is it a matter of security? Are you for example trying to stop people from seeing other users' details by pasting in their customer number? If so, you could require a password. If it's important to hide the customer number, you can use a semantically meaningless key to look it up in the db. If you don't want it to appear in the url, make a POST request, store it in a cookie or a session. It all depends on what you actually want to do. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Post URL ?
> You can put the value in a hidden form field and submit it with > JavaScript, but it's still not truly hidden, as it is still sent in a > cleartext HTTP request. Not to mention being visible upon viewing the page source... Raz -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Post URL ?
Joey wrote: OK I understand the difference between a get & a post but if I just have a URL/link which is calling a function like so: abc.com/display_information?customer_number=$value It passes to the display_information the customer number visably, is there a way to do this where it's not visable? You can put the value in a hidden form field and submit it with JavaScript, but it's still not truly hidden, as it is still sent in a cleartext HTTP request. You might like to investigate sessions, which are stored on the server, or SSL, to protect data in transit across the Internet. Jasper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php