How to hide URL params?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
themurph
Forum Commoner
Posts: 76
Joined: Wed Apr 19, 2006 1:56 pm
Contact:

How to hide URL params?

Post by themurph »

New user to the forums here. Looks like a great community :)

Now on to my question....

Is there any way using PHP to hide GET params, or would I need to use something like
apache mod_rewrite?
User avatar
Nathaniel
Forum Contributor
Posts: 396
Joined: Wed Aug 31, 2005 5:58 pm
Location: Arkansas, USA

Post by Nathaniel »

You'd need to use mod_rewrite.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

please be more specific.
User avatar
themurph
Forum Commoner
Posts: 76
Joined: Wed Apr 19, 2006 1:56 pm
Contact:

Post by themurph »

For instance:

current url looks similar to:
https://www.xyz.com/menu.php?dealid=45& ... arwarsfans
(some urls on the site get pretty long, and not so aesthethically pleasing to my OCD eyes)

would like display to the user simply as:
https://www.xyz.com/menu.php
regardless of params


(while keeping the params accessible to the script of course)
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

I don't think that's possible (unless you use two frames, one which is hidden). If the data is being sent by GET it has to be available in the URL somewhere. How about using sessions instead if this is something you're concerned about?
User avatar
Nathaniel
Forum Contributor
Posts: 396
Joined: Wed Aug 31, 2005 5:58 pm
Location: Arkansas, USA

Post by Nathaniel »

I'm not sure what the "dealid" is, but you could so something like this:

https://www.xyz.com/StarWarsFans/45/menu/
User avatar
AKA Panama Jack
Forum Regular
Posts: 878
Joined: Mon Nov 14, 2005 4:21 pm

Post by AKA Panama Jack »

Your best bet would be to use POST to send the variable data.

You can use an ID on any HREF along with a little javascript to make an HREF operate like a form.
User avatar
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India
Contact:

Post by n00b Saibot »

AKA Panama Jack wrote:Your best bet would be to use POST to send the variable data.

You can use an ID on any HREF along with a little javascript to make an HREF operate like a form.
that's what would be a clear, logical and safe way to do it...
platinum
Forum Newbie
Posts: 6
Joined: Sat Feb 21, 2004 4:20 pm

Post by platinum »

Your best bet would be to use POST to send the variable data.

You can use an ID on any HREF along with a little javascript to make an HREF operate like a form.
The only downfall with that idea is when the user hits the back button and gets the old "page needs to be refreshed to resend the variables"

Quite irritating to say the least.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Hiding URLs is irritating too ;)
dougsm
Forum Newbie
Posts: 8
Joined: Mon Apr 10, 2006 12:34 pm

Post by dougsm »

I'm not sure what the "dealid" is, but you could so something like this:

https://www.xyz.com/StarWarsFans/45/menu/
But how to make this automatic. I mean, I don´t need to create lot of sub-directories manually, right? How to transform this https://www.xyz.com/menu.php?dealid=45& ... arwarsfans on that?
User avatar
Nathaniel
Forum Contributor
Posts: 396
Joined: Wed Aug 31, 2005 5:58 pm
Location: Arkansas, USA

Post by Nathaniel »

Look into mod_rewrite.
User avatar
dibyendrah
Forum Contributor
Posts: 491
Joined: Wed Oct 19, 2005 5:14 am
Location: Nepal
Contact:

Use POST method

Post by dibyendrah »

Using POST method is more secure as well. Also session or cookies can be used as well.
User avatar
themurph
Forum Commoner
Posts: 76
Joined: Wed Apr 19, 2006 1:56 pm
Contact:

Post by themurph »

Nathaniel wrote:I'm not sure what the "dealid" is, but you could so something like this:

https://www.xyz.com/StarWarsFans/45/menu/
Yes, I found ample documentation on doing things like that, but I would prefer that the user
not see *anything* beyond just the name of the page without the query parameters or
any re-written virtual directories. (while still being able to pass query parameters to other
scripts).

I spent the better part of 3 hours today trying to figure out if this can be done.. I don't think it can :x

Ce La Vie

cookies is not an options, nor sessions, but perhaps the "dynamic" posting could work... I will look into that.

Sorry I'm a little late coming back to this thread, but better late than never I always say :)
User avatar
shoebappa
Forum Contributor
Posts: 158
Joined: Mon Jul 11, 2005 9:14 pm
Location: Norfolk, VA

Post by shoebappa »

Maybe this is a weird question but why are you trying to hide the parameters? People usually use mod re_write for prettier more "search engine friendly" URLs. What's the point in hiding them?

If the user is passing the parameters they're going to be able to figure out what they are even if you hide them. I reckon you could prolly make it harder by encrypting them somehow.

You could also probably do something odd like, If there is GET or POST data serialize it and dump then into a session and then header back to the same page without GET data, which unserializes the get and post back from the session if there is no GET or POST data... But that seems bonkers cause the links and or hidden values would still be visible by view source or copying the link. So again, what's the point in hiding them?
Post Reply