Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.
<a href="forms.php?act=add&cat=venue">Add Venue</a>
// Once clicked, will go to the said page and...
URL: forms.php?act=add&cat=venue
<?php
if($_GET['act'] == 'add' && $_GET['cat'] == 'venue') {
// code here
}
?>
<a href="controller.php?act=add&cat=venue">Add Venue</a>
// Once clicked, will go to the said page and...
URL: controller.php?act=add&cat=venue
<?php
if(isset($_GET['act']) && isset($_GET['cat'])) {
$_SESSION['act'] = $_GET['act'];
$_SESSION['cat'] = $_GET['cat'];
header('Location: form.php');
}
?>
// Will be redirected to this page..
URL: form.php
<?php
if($_SESSION['act'] == 'add' && $_SESSION['cat'] == 'venue') {
// code here
}
?>
Where am I getting at? I want the URL to be secure from manipulation. The site I am making should prevent users from jumping or skipping pages.
Both urls are manipulated in exactly the same way - changing the value of act and cat parameter.
Instead of trying to harder URL manipulation, validate your data. Keep in mind that POST can also be manipulated.
michaeru wrote:Okay then, If I were to use one of the above codes, which one will you prefer? Using GET or SESSION to hold the act and cat values?
And, your point is that we validate the data sent instead of trying to prevent the data from being changed?
You are using GET it both cases to pass the values. If you need to save them for later, you can store them in session. If you don't need - do not store them.
GET is a method to pass data to the script. SESSION is a method for storing that data. There cannot be 'or', because those are different things.