Hey guys.
Right now my entire script is in one file (yes dont ask we've been through this before hehe) When I submit information in a form i have it returning with a var like ?id=apply or such.
How can I contain this so that the user is never shown where its going? There must be a way. I just dont want people to be able to bookmark certain sections.
No matter where they are I want to have it displayed like "file.php" in the Address bar. Hope this makes some sense.
Self containment
Moderator: General Moderators
Im just wondering if there is a nice way to self contain. For example say I post to $PHP_SELF (I know I mistyped.. its early). And I pass a variable such as 2, which isnt added to the url, then once it loops back to post it, I should be able to parse the option # whatever it is and send the user to the appropriate function.volka wrote:method="post" won't show up in the status/address-bar
but taking a look in the 'source-view' this is no real protection
Now my problem is this, I've tried unsuccessfully to actually make this work, although Im almost certain that it would. Does anyone have a small example of how I would implement such a thing?
if your page is displayed in a frame the address isn't shown in the top-addressbar (but right-click->properties reveals it anyway)
replace window.status in onMouseOver() - this will override the url-display - or use a <button onClick="changeURL(....)"> and use a script-Funktion to change the document's href/url
You can do a thousand things more - but all this wouldn't hide it 100%.
replace window.status in onMouseOver() - this will override the url-display - or use a <button onClick="changeURL(....)"> and use a script-Funktion to change the document's href/url
You can do a thousand things more - but all this wouldn't hide it 100%.
No Im not worried about "hiding" the url so to speak.
I am worried about people bookmarking certain sections of it. I will be using sessioning and cookies, both expire after browser close or user logout, I just dont want ppl to be able to bookmark http://www.mysite.com/bleh.php?id=submit-news
So I want to somehow self contain this.
I am worried about people bookmarking certain sections of it. I will be using sessioning and cookies, both expire after browser close or user logout, I just dont want ppl to be able to bookmark http://www.mysite.com/bleh.php?id=submit-news
So I want to somehow self contain this.
It sounds like you just want to use post instead of get. That will stop bookmarking,etc. It also keeps the url "pretty" and unmangled.
One of your followup posts was confusing about why post wasn't good for you, can you clarify?
The only things you should need to change are
<form method="GET" to "POST" and any HTTP_GET_VARS to HTTP_POST_VARS (_GET to _POST, if using the superglobals)
One of your followup posts was confusing about why post wasn't good for you, can you clarify?
The only things you should need to change are
<form method="GET" to "POST" and any HTTP_GET_VARS to HTTP_POST_VARS (_GET to _POST, if using the superglobals)
So what's the problem? If u want that a user is able to bookmark use GET and if you don't want use POST && session variables. (Like many have suggested) Also if you check that variables are coming from $_POST users won't be able to just guess the param names in url. Are we missing something now, or is it you? Or do you have problem in logic: do some variables have different maning after a certain flag is set or something like that?
-9902468
-9902468