Passing Variables - Best/Common Practices



Nightchild
07-24-2007, 02:11 PM
When I pass a variable from one page to another using something like

"www.mysite.com/page2.php?order=user_id&dir=asc"

This is in plain sight in the address bar. In the example above I am passing the name of one of my DB fields.

Should I be concerned about users seeing the names of my DB fields?

Without using a form, how would I pass these same variables via a POST (if possible)?

What types of information/variables (aside from personal info, passwords, credit card#'s etc...) should be passed using sessions?

Being new to PHP I am looking for general "best practices". I'd rather ask at the start than have to unlearn bad habits later.

Thanks

timgolding
07-24-2007, 02:18 PM
You don't have to name the GET query strings the same as the DB fields. In fact I recommend using completely different names to avoid any sort of injections.
If you want to remove them from the address bar try using post queries.
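
An added example, not part of the original posts: one way to follow the advice above is to map public sort keys to real column names through an allowlist, so the `order` and `dir` values from the URL never become SQL text themselves (column names in ORDER BY cannot be bound as prepared-statement parameters). The public keys, column names and the function `build_order_clause` are hypothetical.

```php
<?php
// Added example: public sort keys mapped to real column names (all names hypothetical).
const SORT_COLUMNS = [
    'id'     => 'user_id',
    'name'   => 'user_name',
    'joined' => 'created_at',
];
const SORT_DIRECTIONS = ['asc' => 'ASC', 'desc' => 'DESC'];

function build_order_clause(array $query): string
{
    // Accept only scalar strings; arrays such as ?order[]=x are treated as missing.
    $key = is_string($query['order'] ?? null) ? $query['order'] : 'id';
    $dir = is_string($query['dir'] ?? null) ? strtolower($query['dir']) : 'asc';

    // Unknown values fall back to the default instead of reaching the SQL text.
    $column    = SORT_COLUMNS[$key] ?? SORT_COLUMNS['id'];
    $direction = SORT_DIRECTIONS[$dir] ?? 'ASC';

    // Only strings taken from the constants above are interpolated here.
    return "ORDER BY `$column` $direction";
}

// Constructed sample requests, standing in for $_GET.
$samples = [
    ['order' => 'name', 'dir' => 'desc'],          // listed key and direction
    ['order' => 'password_hash', 'dir' => 'asc'],  // real-looking column, not listed
    ['order' => ['x'], 'dir' => 'sideways'],       // wrong type, unknown direction
    [],                                            // nothing supplied
];
foreach ($samples as $q) {
    echo json_encode($q), ' => ', build_order_clause($q), PHP_EOL;
}
```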

Nightchild
07-25-2007, 07:00 PM
Without using a form, how do you pass variables via a POST? So far I have only seen how to pass via "my_page.php?var=1" type of examples. What is the format for passing via post?

whizard
07-25-2007, 07:10 PM
You can pass variables via SESSIONS as well, which is probably the best way to go, in your case.

HTH
Dan


