Solved - post link

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
nota141
Forum Newbie
Posts: 8
Joined: Wed Dec 10, 2003 11:57 pm

Solved - post link

Post by nota141 »

i have

Code: Select all

<a href="preferences.php?edit=<?=$request&#1111;'admID']?>">Edit</a>
but i would like a way to not show the vars in the url if possiable.
Last edited by nota141 on Thu Dec 11, 2003 10:40 pm, edited 1 time in total.
User avatar
aquila125
Forum Commoner
Posts: 96
Joined: Tue Dec 09, 2003 10:39 am
Location: Belgium

Post by aquila125 »

not very secure... always keep ALL the sensitive data at the server side..

there are ways to change the data the client sends to the server..

Ofcourse, it's a lot nicer to use POST instead of GET...

you could do it by building a form:
<form method="POST" action="goto.php">
<input type="hidden" name="admID" value="valuegoeshere">
<input type="submit" value="textonbutton">
</form>

If you look into javascript you could use a normal link with some javascript in it to submit a form
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

I would track a user by an id, and then load up db variables for that id. In this case, an adminID. Then within the script the verification can occur, and no variables such as adminID, or other sensetive stuff, needs to be within a GET request.
nota141
Forum Newbie
Posts: 8
Joined: Wed Dec 10, 2003 11:57 pm

Post by nota141 »

just to clarify the code in question is from an admin page where i am displaying a list of users and the admin is going to edit one of the users. and i would like it if i could say away from a form as the submit button will not look to good on the page.
microthick
Forum Regular
Posts: 543
Joined: Wed Sep 24, 2003 2:15 pm
Location: Vancouver, BC

Post by microthick »

Instead of having a submit button, you can have a submit link.

<a href="javascript:document.yourformname.submit();">edit user</a>
qads
DevNet Resident
Posts: 1199
Joined: Tue Apr 23, 2002 10:02 am
Location: Brisbane

Post by qads »

if the page is only viewble AFTER you have logged in then i dont see much harm in haveing the ID in the url.

all you have to make sure before allowing to edit or delete auser to make sure the admin is logged in.
nota141
Forum Newbie
Posts: 8
Joined: Wed Dec 10, 2003 11:57 pm

Post by nota141 »

microthick this code

Code: Select all

<form action="preferencesdetail.php" method="post" name="editform" id="editform">
   <input type="hidden" name="edit" value="<?=$request&#1111;'admID']?>">
   <a href="javascript:document.editform.submit();">
      Edit
   </a>
</form>
keeps giving me "object doesn't support this property or method" what am i doing wrong
nota141
Forum Newbie
Posts: 8
Joined: Wed Dec 10, 2003 11:57 pm

Post by nota141 »

solved it thanks to everyone

last prob was duplicate form names.
Post Reply