Here`s what I`m trying to do.
My site consists of 2 parts: The content and the boxes. So say I have the content which is the index.php and I have a set of boxes which are included in the index.php code depending on a variable I pass to it like this:
/index.php?box=pc_links.php
or
/index.php?box=games_links.php
or
/index.php?box=tech_links.php
etc.
Each content page has its own boxes.
The problem is that if someone wants to he can change the querystring var $box to any other filename and the variable value will be changed so another box will be displayed. Is it any way to prevent this?
Note that I cannot use the post method since these come from links and I don`t want to have the box filenames hardcoded.
(Ok, I know, I`m not good at explaining things...)
question regarding var methods
Moderator: General Moderators
-
d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
Hi,
you actually CAN use the post method, if you are willing to use JavaScript. I think you use the object.submit() function/method, you'll have to look around for that (I'm not a JS expert).
If you do not want to do that, you can use an alternative method, such as writing to a file (or a cookie) after the link is clicked, and then use whatever data the file/cookie has. This way even if someone changes the GET data, it will have no effect.
Also, I'm not entirely sure if this will work, (I cant test it, Im at school right now) is to check a referer. If it is empty, then obviously it is because someone changed values in the address bar instead of clicking a link.
That's all I can think of right now, I think if the last method works, it is the best one.
HTH,
Fjook!
you actually CAN use the post method, if you are willing to use JavaScript. I think you use the object.submit() function/method, you'll have to look around for that (I'm not a JS expert).
If you do not want to do that, you can use an alternative method, such as writing to a file (or a cookie) after the link is clicked, and then use whatever data the file/cookie has. This way even if someone changes the GET data, it will have no effect.
Also, I'm not entirely sure if this will work, (I cant test it, Im at school right now) is to check a referer. If it is empty, then obviously it is because someone changed values in the address bar instead of clicking a link.
That's all I can think of right now, I think if the last method works, it is the best one.
HTH,
Fjook!