Passing Variables - Best/Common Practices



Nightchild
07-24-2007, 01:11 PM
When I pass a variable from one page to another using something like

"www.mysite.com/page2.php?order=user_id&dir=asc"

This is in plain sight in the address bar. In the example above I am passing the name of one of my DB fields.

Should I be concerned about users seeing the names of my DB fields?

Without using a form, how would I pass these same variables via a POST (if possible)?

What types of information/variables (aside from personal info, passwords, credit card#'s etc...) should be passed using sessions?

Being new to PHP I am looking for general "best practices". I'd rather ask at the start than have to unlearn bad habits later.

Thanks

timgolding
07-24-2007, 01:18 PM
You don't have to name the GET query strings the same as the DB fields. In fact I recommend using completely different names to avoid any sort of injections.
If you want to remove them from the address bar try using post queries.
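
An added example, not part of the original thread: one way to apply the advice above is to map public sort keys from the URL to real column names through a fixed allowlist, since column names and sort direction cannot be bound as prepared-statement parameters. Only `user_id` comes from the thread; the other column names, the public keys, and `buildOrderBy()` are hypothetical.

```php
<?php
declare(strict_types=1);

// Public sort keys (what the user sees in the URL) mapped to real columns.
// Hypothetical schema: only 'user_id' appears in the thread.
const SORT_COLUMNS = [
    'id'     => 'user_id',
    'name'   => 'last_name',
    'joined' => 'created_at',
];

/**
 * Build an ORDER BY clause from untrusted query-string parameters.
 * Nothing from the request is ever concatenated into the SQL: the request
 * only selects one of the fixed strings defined in this file.
 */
function buildOrderBy(array $query): string
{
    $key = $query['order'] ?? 'id';
    $dir = $query['dir'] ?? 'asc';

    // ?order[]=x arrives as an array, so check the type before the lookup.
    if (!is_string($key) || !array_key_exists($key, SORT_COLUMNS)) {
        $key = 'id'; // unknown key: fall back to the default sort
    }

    // Direction is a closed set of two values; anything else becomes ASC.
    $dir = (is_string($dir) && strtolower($dir) === 'desc') ? 'DESC' : 'ASC';

    return 'ORDER BY ' . SORT_COLUMNS[$key] . ' ' . $dir;
}

// Constructed sample requests, standing in for $_GET so this runs offline.
$samples = [
    ['order' => 'name', 'dir' => 'desc'],     // valid public key
    ['order' => 'user_id', 'dir' => 'asc'],   // real column name: not accepted
    ['order' => 'id; --', 'dir' => 'asc'],    // junk appended to a valid key
    ['order' => ['x'], 'dir' => 'sideways'],  // wrong type, bad direction
    [],                                       // no parameters at all
];

foreach ($samples as $q) {
    echo 'SELECT * FROM users ' . buildOrderBy($q) . "\n";
}
```

Values used in a `WHERE` clause are a separate concern and should still go through bound parameters.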

Nightchild
07-25-2007, 06:00 PM
Without using a form, how do you pass a variable via a POST? So far I have only seen how to pass via "my_page.php?var=1" type of examples. What is the format for passing via post?

whizard
07-25-2007, 06:10 PM
You can pass variables via SESSIONS as well, which is probably the best way to go, in your case.

HTH
Dan