question regarding var methods

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
[n00b]
Forum Commoner
Posts: 34
Joined: Sat Mar 20, 2004 7:06 pm

question regarding var methods

Post by [n00b] »

Here`s what I`m trying to do.

My site consists of 2 parts: The content and the boxes. So say I have the content which is the index.php and I have a set of boxes which are included in the index.php code depending on a variable I pass to it like this:

/index.php?box=pc_links.php

or

/index.php?box=games_links.php

or

/index.php?box=tech_links.php

etc.

Each content page has its own boxes.
The problem is that if someone wants to he can change the querystring var $box to any other filename and the variable value will be changed so another box will be displayed. Is it any way to prevent this?
Note that I cannot use the post method since these come from links and I don`t want to have the box filenames hardcoded.

(Ok, I know, I`m not good at explaining things...)
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

I understand what you mean, but I'm not sure why you'd want to do that?
Fjook
Forum Newbie
Posts: 11
Joined: Tue Mar 23, 2004 6:58 am
Location: Toronto, Canada

Post by Fjook »

Hi,
you actually CAN use the post method, if you are willing to use JavaScript. I think you use the object.submit() function/method, you'll have to look around for that (I'm not a JS expert).

If you do not want to do that, you can use an alternative method, such as writing to a file (or a cookie) after the link is clicked, and then use whatever data the file/cookie has. This way even if someone changes the GET data, it will have no effect.

Also, I'm not entirely sure if this will work, (I cant test it, Im at school right now) is to check a referer. If it is empty, then obviously it is because someone changed values in the address bar instead of clicking a link.

That's all I can think of right now, I think if the last method works, it is the best one.
HTH,
Fjook!
Post Reply