View Full Version : Passing Variables - Best/Common Practices

07-24-2007, 01:11 PM
When I pass a variable from one page to another using something like


This is in plain sight in the address bar. In the example above I am passing the name of one of my DB fields.

Should I be concerned about users seeing the names of my DB fields?

Without using a form, how would I pass these same variables via a POST (if possible)?

What types of information/variables (aside from personal info, passwords, credit card#'s etc...) should be passed using sessions?

Being new to PHP I am looking for general "best practices". I'd rather ask at the start than have to unlearn bad habbits later.


07-24-2007, 01:18 PM
you don't have to name the get query strings the same as the DB fields. In fact i recommend using completely different names to avoid any sort of injections.
If you want to remove them from the address bar try using post queries.

07-25-2007, 06:00 PM
Without using a form, how do you pass variable via a POST? So far I have only seen how to pass via "my_page.php?var=1" type of examples. What is the format for passing via post?

07-25-2007, 06:10 PM
You can pass variables via SESSIONS as well, which is probably the best way to go, in your case.