Solved - post link
Posted: Wed Dec 10, 2003 11:57 pm
by nota141
i have
<a href="preferences.php?edit=<?=$request['admID']?>">Edit</a>
but i would like a way to not show the vars in the url if possible.
Posted: Thu Dec 11, 2003 1:45 am
by aquila125
not very secure... always keep ALL the sensitive data at the server side..
there are ways to change the data the client sends to the server..
Of course, it's a lot nicer to use POST instead of GET...
you could do it by building a form:
<form method="POST" action="goto.php">
<input type="hidden" name="admID" value="valuegoeshere">
<input type="submit" value="textonbutton">
</form>
If you look into javascript you could use a normal link with some javascript in it to submit a form
Posted: Thu Dec 11, 2003 2:05 am
by m3mn0n
I would track a user by an id, and then load up db variables for that id. In this case, an adminID. Then within the script the verification can occur, and no variables such as adminID, or other sensitive stuff, need to be within a GET request.
Posted: Thu Dec 11, 2003 5:55 pm
by nota141
just to clarify, the code in question is from an admin page where i am displaying a list of users and the admin is going to edit one of the users. and i would like it if i could stay away from a form, as the submit button will not look too good on the page.
Posted: Thu Dec 11, 2003 6:05 pm
by microthick
Instead of having a submit button, you can have a submit link.
<a href="javascript:document.yourformname.submit();">edit user</a>
Posted: Thu Dec 11, 2003 6:33 pm
by qads
if the page is only viewable AFTER you have logged in then i don't see much harm in having the ID in the url.
all you have to do before allowing to edit or delete a user is make sure the admin is logged in.
Posted: Thu Dec 11, 2003 7:31 pm
by nota141
microthick this code
<form action="preferencesdetail.php" method="post" name="editform" id="editform">
<input type="hidden" name="edit" value="<?=$request['admID']?>">
<a href="javascript:document.editform.submit();">
Edit
</a>
</form>
keeps giving me "object doesn't support this property or method" what am i doing wrong
Posted: Thu Dec 11, 2003 10:39 pm
by nota141
solved it thanks to everyone
last prob was duplicate form names.
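The point made in the replies by aquila125, m3mn0n and qads, as an added example that is not code from the thread: whether the id travels in the URL or in a hidden POST field, the client can change it, so the handler takes the acting admin from the server-side session and validates the target id before editing. The `admin_id` session key, the `authorize_edit` helper and the `$users` array are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumed names: the 'admin_id'
// session key marks a logged-in admin; $users stands in for the user table.

/**
 * Decide whether an edit request may proceed.
 * Returns the validated target user id, or null when the request is refused.
 */
function authorize_edit(array $session, array $post, array $users): ?int
{
    // 1. The acting admin is read from server-side session state,
    //    never from a request parameter.
    if (empty($session['admin_id'])) {
        return null;
    }

    // 2. The target id comes from the client (hidden field or query
    //    string), so it is untrusted: accept only a positive integer.
    $target = filter_var(
        $post['edit'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($target === false) {
        return null;
    }

    // 3. Only ids that exist in the user table may be edited.
    return array_key_exists($target, $users) ? $target : null;
}

// Constructed sample data so the script runs offline (php example.php).
$users = [7 => 'alice', 9 => 'bob'];
$cases = [
    'logged-in admin, valid id' => [['admin_id' => 1], ['edit' => '7']],
    'not logged in'             => [[],                ['edit' => '7']],
    'non-numeric id'            => [['admin_id' => 1], ['edit' => 'abc']],
    'unknown id'                => [['admin_id' => 1], ['edit' => '42']],
    'missing id'                => [['admin_id' => 1], []],
];

foreach ($cases as $label => [$session, $post]) {
    $id = authorize_edit($session, $post, $users);
    echo $label, ': ', $id === null ? 'refused' : "edit user $id", PHP_EOL;
}
```

In a real page the first two arguments would be `$_SESSION` (after `session_start()`) and `$_POST`.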