Page 1 of 1

how to hide variables passed through a url

Posted: Tue Jul 22, 2003 3:03 pm
by maximus
Ok I'm sure this topic has been discused before, however, I'm looking for a particular solution to my problem. I would like to keep my url clean so rather than

>>> http://www.mysite.com/res.php?lid=107&sect=AA

I would like to have

>>> http://www.mysite.com/res.php

I know I know

- I could use POST rather than GET
- SESSIONs and register the variables in question
- Cookies

Without getting into details why, lets assume I do not have those options at my disposal. I was told I could use frames to hide the url variables somehow. If anyone knows what I'm talking please provide some insight.

Much appreciated,

--

Maximus

Posted: Tue Jul 22, 2003 6:06 pm
by patrikG
Yes, you can use frames. But it's not a very clean solution.

Create an invisible frame with something like

Code: Select all

<frameset  rows="100%,*">
    <frame name="visible (uses 100% of screen)" src=...>
    <frame name="invisible (uses 0% of screen)" src=...>
</frameset>
the invisible frame contains a form which you submit onEvent in (and from) the visible frame. Do note, however, not to use iframes, as some browser don't know/load/deal with them properly.

If you want to use GET but encode it, probably the simplest (and least secure) way would be to use str_rot13. Personally I think this function is an artefakt of earlier PHP-versions, but hey, it's would be one of the alternatives for the scenario you describe. There are plenty of useful and powerful encryption functions in the php-manual.

Posted: Tue Jul 22, 2003 7:41 pm
by qartis
If I were in your situation (well, from what I can tell) I would be working on getting either POST, sessions or cookies :) All the other methods (AFAIK) would take a fair bit more work that just enabling some other method..


Also, you don't need to use frames for that, just use a hidden form on the page, and onmouseup of a link, fill the required feilds with the data, encode the variables (base_64?), and submit() it, all JS.