  1. #1
    New Coder
    Join Date
    Jun 2007
    Location
    Canada
    Posts
    49
    Thanks
    1
    Thanked 1 Time in 1 Post

    Passing Variables - Best/Common Practices

    When I pass a variable from one page to another using something like

    "www.mysite.com/page2.php?order=user_id&dir=asc"

    This is in plain sight in the address bar. In the example above I am passing the name of one of my DB fields.

    Should I be concerned about users seeing the names of my DB fields?

    Without using a form, how would I pass these same variables via a POST (if possible)?

    What types of information/variables (aside from personal info, passwords, credit card#'s etc...) should be passed using sessions?

    Being new to PHP I am looking for general "best practices". I'd rather ask at the start than have to unlearn bad habits later.

    Thanks

  • #2
    Senior Coder timgolding's Avatar
    Join Date
    Aug 2006
    Location
    Southampton
    Posts
    1,519
    Thanks
    114
    Thanked 110 Times in 109 Posts
    You don't have to name the GET query strings the same as the DB fields. In fact I recommend using completely different names to avoid any sort of injections.
    If you want to remove them from the address bar try using post queries.
    You can not say you know how to do something, until you can teach it to someone else.
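
The renaming recommended in reply #2 can be enforced with an allow-list that maps public sort keys to real columns. This is an added example, not code from the thread; the column names, the `SORT_COLUMNS` map and the `buildOrderBy` helper are hypothetical.

```php
<?php
declare(strict_types=1);

// Public sort keys (what appears in the URL) mapped to real column names.
// The column names are hypothetical; only the keys are ever shown to users.
const SORT_COLUMNS = [
    'id'     => 'user_id',
    'name'   => 'last_name',
    'joined' => 'created_at',
];

/**
 * Build an ORDER BY clause from untrusted query-string values.
 * Column identifiers and ASC/DESC cannot be bound as prepared-statement
 * parameters, so they are picked from fixed lists, never copied from input.
 */
function buildOrderBy(array $query): string
{
    $key = $query['order'] ?? 'id';
    $dir = $query['dir'] ?? 'asc';

    // Arrays (?order[]=x) and unknown keys fall back to the default.
    if (!is_string($key) || !array_key_exists($key, SORT_COLUMNS)) {
        $key = 'id';
    }
    // Anything other than "desc" sorts ascending.
    $direction = (is_string($dir) && strtolower($dir) === 'desc') ? 'DESC' : 'ASC';

    return 'ORDER BY ' . SORT_COLUMNS[$key] . ' ' . $direction;
}

// Constructed sample inputs, standing in for $_GET.
$samples = [
    ['order' => 'name', 'dir' => 'desc'],           // valid public key
    ['order' => 'password_hash', 'dir' => 'asc'],   // real-looking column, not on the list
    ['order' => ['x'], 'dir' => 'sideways'],        // wrong type and bad direction
    [],                                             // nothing supplied
];

foreach ($samples as $sample) {
    echo json_encode($sample), ' => ', buildOrderBy($sample), PHP_EOL;
}
```

Values used in `WHERE` clauses should still go through prepared-statement placeholders; the allow-list covers only the parts of the query that cannot be parameterized.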

  • #3
    New Coder
    Join Date
    Jun 2007
    Location
    Canada
    Posts
    49
    Thanks
    1
    Thanked 1 Time in 1 Post
    Without using a form, how do you pass a variable via a POST? So far I have only seen how to pass via "my_page.php?var=1" type of examples. What is the format for passing via post?

  • #4
    Senior Coder whizard's Avatar
    Join Date
    Jan 2005
    Location
    Philadelphia, PA, USA
    Posts
    1,662
    Thanks
    14
    Thanked 76 Times in 76 Posts
    You can pass variables via SESSIONS as well, which is probably the best way to go, in your case.

    HTH
    Dan
    PHP Tip: If you want to use short tags (<? or <?=$var) then make sure short_open_tag is set to "1". It really helps.

    Don't forget to save everyone time and mark your thread as Resolved :)

    "Also note that it is your responsibility to die() if necessary."

    DON'T USE THE MYSQL_ EXTENSION

