Page 1 of 2

How to hide URL params?

Posted: Thu Apr 20, 2006 6:59 pm
by themurph
New user to the forums here. Looks like a great community :)

Now on to my question....

Is there any way using PHP to hide GET params, or would I need to use something like
apache mod_rewrite?

Posted: Thu Apr 20, 2006 7:29 pm
by Nathaniel
You'd need to use mod_rewrite.

Posted: Thu Apr 20, 2006 9:25 pm
by John Cartwright
please be more specific.

Posted: Fri Apr 21, 2006 12:56 am
by themurph
For instance:

current url looks similar to:
https://www.xyz.com/menu.php?dealid=45& ... arwarsfans
(some urls on the site get pretty long, and not so aesthethically pleasing to my OCD eyes)

would like display to the user simply as:
https://www.xyz.com/menu.php
regardless of params


(while keeping the params accessible to the script of course)

Posted: Fri Apr 21, 2006 6:28 am
by Chris Corbyn
I don't think that's possible (unless you use two frames, one which is hidden). If the data is being sent by GET it has to be available in the URL somewhere. How about using sessions instead if this is something you're concerned about?

Posted: Fri Apr 21, 2006 7:14 am
by Nathaniel
I'm not sure what the "dealid" is, but you could so something like this:

https://www.xyz.com/StarWarsFans/45/menu/

Posted: Fri Apr 21, 2006 12:38 pm
by AKA Panama Jack
Your best bet would be to use POST to send the variable data.

You can use an ID on any HREF along with a little javascript to make an HREF operate like a form.

Posted: Fri Apr 21, 2006 12:43 pm
by n00b Saibot
AKA Panama Jack wrote:Your best bet would be to use POST to send the variable data.

You can use an ID on any HREF along with a little javascript to make an HREF operate like a form.
that's what would be a clear, logical and safe way to do it...

Posted: Sat Apr 22, 2006 4:21 am
by platinum
Your best bet would be to use POST to send the variable data.

You can use an ID on any HREF along with a little javascript to make an HREF operate like a form.
The only downfall with that idea is when the user hits the back button and gets the old "page needs to be refreshed to resend the variables"

Quite irritating to say the least.

Posted: Sat Apr 22, 2006 5:31 am
by timvw
Hiding URLs is irritating too ;)

Posted: Mon Apr 24, 2006 7:54 pm
by dougsm
I'm not sure what the "dealid" is, but you could so something like this:

https://www.xyz.com/StarWarsFans/45/menu/
But how to make this automatic. I mean, I don“t need to create lot of sub-directories manually, right? How to transform this https://www.xyz.com/menu.php?dealid=45& ... arwarsfans on that?

Posted: Mon Apr 24, 2006 8:09 pm
by Nathaniel
Look into mod_rewrite.

Use POST method

Posted: Tue Apr 25, 2006 1:02 am
by dibyendrah
Using POST method is more secure as well. Also session or cookies can be used as well.

Posted: Fri Apr 28, 2006 7:48 pm
by themurph
Nathaniel wrote:I'm not sure what the "dealid" is, but you could so something like this:

https://www.xyz.com/StarWarsFans/45/menu/
Yes, I found ample documentation on doing things like that, but I would prefer that the user
not see *anything* beyond just the name of the page without the query parameters or
any re-written virtual directories. (while still being able to pass query parameters to other
scripts).

I spent the better part of 3 hours today trying to figure out if this can be done.. I don't think it can :x

Ce La Vie

cookies is not an options, nor sessions, but perhaps the "dynamic" posting could work... I will look into that.

Sorry I'm a little late coming back to this thread, but better late than never I always say :)

Posted: Fri Apr 28, 2006 8:27 pm
by shoebappa
Maybe this is a weird question but why are you trying to hide the parameters? People usually use mod re_write for prettier more "search engine friendly" URLs. What's the point in hiding them?

If the user is passing the parameters they're going to be able to figure out what they are even if you hide them. I reckon you could prolly make it harder by encrypting them somehow.

You could also probably do something odd like, If there is GET or POST data serialize it and dump then into a session and then header back to the same page without GET data, which unserializes the get and post back from the session if there is no GET or POST data... But that seems bonkers cause the links and or hidden values would still be visible by view source or copying the link. So again, what's the point in hiding them?