em back again with the new question
My question is about securing the webpages when passing variables thro URL.
I had done many query on the basis of variables passed thro URL..suppose i had friends editing section which displays the thumbnails of friends with a link as
<a href='...?module=editfriends&fren_id=xxx&axn=delete'>
when the user clicks on the link then query is performed as
Code: Select all
"DELETE from table WHERE fren_id='$_GET[fren_id]' AND user_id='$_SESSION[user_id]' LIMIT 1"suppose when the user goes directly thro URL and type= ......?module=editfriends&fren_id=yyy&axn=delete . then it performs the successful delete query .
what i want is to run the query only when the user clicks on the link rather than going directly thro URL.......
How to perform the secure Operation using $_GET[] variable (without passing the hidden variable using $_POST[])..????
any help n suggestion will be greatly apppreciated..