how to hide variables passed through a url

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
maximus
Forum Newbie
Posts: 9
Joined: Thu Jul 17, 2003 9:37 am

how to hide variables passed through a url

Post by maximus »

Ok I'm sure this topic has been discused before, however, I'm looking for a particular solution to my problem. I would like to keep my url clean so rather than

>>> http://www.mysite.com/res.php?lid=107&sect=AA

I would like to have

>>> http://www.mysite.com/res.php

I know I know

- I could use POST rather than GET
- SESSIONs and register the variables in question
- Cookies

Without getting into details why, lets assume I do not have those options at my disposal. I was told I could use frames to hide the url variables somehow. If anyone knows what I'm talking please provide some insight.

Much appreciated,

--

Maximus
User avatar
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Yes, you can use frames. But it's not a very clean solution.

Create an invisible frame with something like

Code: Select all

<frameset  rows="100%,*">
    <frame name="visible (uses 100% of screen)" src=...>
    <frame name="invisible (uses 0% of screen)" src=...>
</frameset>
the invisible frame contains a form which you submit onEvent in (and from) the visible frame. Do note, however, not to use iframes, as some browser don't know/load/deal with them properly.

If you want to use GET but encode it, probably the simplest (and least secure) way would be to use str_rot13. Personally I think this function is an artefakt of earlier PHP-versions, but hey, it's would be one of the alternatives for the scenario you describe. There are plenty of useful and powerful encryption functions in the php-manual.
qartis
Forum Contributor
Posts: 271
Joined: Sat Dec 14, 2002 4:43 pm
Location: BC, Canada
Contact:

Post by qartis »

If I were in your situation (well, from what I can tell) I would be working on getting either POST, sessions or cookies :) All the other methods (AFAIK) would take a fair bit more work that just enabling some other method..


Also, you don't need to use frames for that, just use a hidden form on the page, and onmouseup of a link, fill the required feilds with the data, encode the variables (base_64?), and submit() it, all JS.
Post Reply