SESSION or GET?

Posted: Sun Mar 14, 2010 5:48 am
by michaeru
Which is better?

This..

Code:

<a href="forms.php?act=add&cat=venue">Add Venue</a>

// Once clicked, will go to the said page and...
URL: forms.php?act=add&cat=venue
<?php

  // isset() avoids undefined-index notices when a parameter is missing
  if (isset($_GET['act'], $_GET['cat']) && $_GET['act'] === 'add' && $_GET['cat'] === 'venue') {

    // code here

  }

?>

Or this..?

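Code:

<a href="controller.php?act=add&cat=venue">Add Venue</a>

// Once clicked, will go to the said page and...
URL: controller.php?act=add&cat=venue
<?php

  session_start(); // required before $_SESSION can be written

  if (isset($_GET['act']) && isset($_GET['cat'])) {

    $_SESSION['act'] = $_GET['act'];
    $_SESSION['cat'] = $_GET['cat'];

    header('Location: form.php');
    exit; // stop the script so nothing else runs after the redirect

  }

?>

// Will be redirected to this page..
URL: form.php
<?php

  session_start(); // required before $_SESSION can be read

  // isset() avoids undefined-index notices when the session is empty
  if (isset($_SESSION['act'], $_SESSION['cat']) && $_SESSION['act'] === 'add' && $_SESSION['cat'] === 'venue') {

    // code here

  }

?>
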
What am I getting at? I want the URL to be secure from manipulation. The site I am making should prevent users from jumping or skipping pages.

Re: SESSION or GET?

Posted: Sun Mar 14, 2010 6:27 am
by Darhazer
Both URLs are manipulated in exactly the same way - changing the value of the act and cat parameters.
Instead of trying to make URL manipulation harder, validate your data. Keep in mind that POST can also be manipulated.

Re: SESSION or GET?

Posted: Sun Mar 14, 2010 7:06 am
by michaeru
Okay then, if I were to use one of the above codes, which one will you prefer? Using GET or SESSION to hold the act and cat values?

And, your point is that we validate the data sent instead of trying to prevent the data from being changed?

Re: SESSION or GET?

Posted: Sun Mar 14, 2010 8:10 am
by Darhazer
michaeru wrote: Okay then, if I were to use one of the above codes, which one will you prefer? Using GET or SESSION to hold the act and cat values?

And, your point is that we validate the data sent instead of trying to prevent the data from being changed?

You are using GET in both cases to pass the values. If you need to save them for later, you can store them in session. If you don't need them, do not store them.

GET is a method to pass data to the script. SESSION is a method for storing that data. There cannot be 'or', because those are different things.
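
An added example, not part of the original thread and not any poster's code, of what the replies recommend: check act and cat against an allow-list on every request, and keep the record of which page a user may open server-side in the session. The allowed values, the step names and the function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. The allowed values, step names
// and function names are assumptions made for illustration.
const ALLOWED = [
    'act' => ['add', 'edit', 'delete'],
    'cat' => ['venue', 'event'],
];
const STEPS = ['choose', 'form', 'confirm']; // hypothetical page order

// Return the validated act/cat pair, or null if either is missing or unknown.
function validate_request(array $get): ?array
{
    $clean = [];
    foreach (ALLOWED as $key => $allowed) {
        $value = $get[$key] ?? null;
        // Reject arrays (?act[]=add) and anything outside the allow-list.
        if (!is_string($value) || !in_array($value, $allowed, true)) {
            return null;
        }
        $clean[$key] = $value;
    }
    return $clean;
}

// A step may be opened only when every step before it has been completed.
function may_enter_step(array $session, string $step): bool
{
    $index = array_search($step, STEPS, true);
    return $index !== false && $index <= ($session['completed'] ?? 0);
}

// Record completion server-side; the client never supplies this value.
function complete_step(array &$session, string $step): void
{
    if (may_enter_step($session, $step)) {
        $index = array_search($step, STEPS, true);
        $session['completed'] = max($session['completed'] ?? 0, $index + 1);
    }
}

// Constructed sample input; a real page would pass $_GET and, after
// session_start(), $_SESSION instead of these arrays.
$session = [];
var_dump(validate_request(['act' => 'add', 'cat' => 'venue']));
var_dump(validate_request(['act' => 'drop', 'cat' => 'venue']));
var_dump(may_enter_step($session, 'confirm'));
complete_step($session, 'choose');
var_dump(may_enter_step($session, 'form'));
```

A request that fails either check should be rejected or sent back to the first step the session allows, whatever the URL says.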

Re: SESSION or GET?

Posted: Sun Mar 14, 2010 10:25 am
by michaeru
Thanks.