
Hide GET Variables --> Pass values using Session

Hello there!

Can someone please help me on this:
I have a PHP file which lists some records. On this list, the records
can be sorted on different columns. Currently the sort column and the
direction of sorting are passed using GET values; this means the user
clicks the column name (which is a link) so the new sort column and
direction are passed to the script

<a href="main.php?page=news&sortfield=title&sortorder=asc">
now my question is, if it's possible to hide those values, so they
don't appear on the url, but sorting should work anyway. This means
that

1. when user clicks on column, the new sort order has to be set
2. page has to be reloaded, so new sort order gets displayed.

I'd like to do this using sessions, but I don't know how to update a
session value when clicking on a link without using GET values...
Can someone give me a tip? Like I said, the idea is to completely hide
the url GET values... Sessions are ok.

Thank you very much for your help here..

André
Jul 17 '05 #1
On 17 Mar 2005 03:55:57 -0800, André Gasser wrote:
> the idea is to completely hide the url GET values... Sessions are ok.


I don't think you can remove them from the link, you can get them out of
the address bar though, for example like this:

Write the link <a href="set.php?sortcol=name&sortorder=asc">. Let
set.php be a script without any output. Set session variables there
$_SESSION['sortcol']=$_GET['sortcol'] (with appropriate checks for
safety) and use header() to go back to $_SERVER['HTTP_REFERER']. Include
session_start() at top of every script.
--
Firefox Web Browser - Rediscover the web - http://getffox.com/
Thunderbird E-mail and Newsgroups - http://gettbird.com/
Jul 17 '05 #2
Ewoud Dronkert wrote:
> [...] use header() to go back to $_SERVER['HTTP_REFERER'].


I would have thought that explicitly providing the URL would be
better. Relying on an optional header is a bad idea, surely?

Mike

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.
Jul 17 '05 #3
André Gasser wrote:


> now my question is, if it's possible to hide those values, so they
> don't appear on the url, but sorting should work anyway. This means
> that


You need to know about the HTML technology of forms and the "post" action,
and the PHP array $_POST.

Try this, then look up the HTML spec at www.w3c.org and reread the tutorial
to PHP:

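<form action="someprogram.php" method="post">
Type something here: <input name="test"/>
<button type="submit">Submit</button>
</form>

Then make someprogram.php:

<?php
// Escape the submitted value before echoing it back into the page.
echo "You entered: ".htmlspecialchars($_POST["test"] ?? "", ENT_QUOTES, "UTF-8");
?>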

Whether or not you store these preferences in a session or a database is
another discussion.
--
Kenneth Downs
Secure Data Software, Inc.
(Ken)nneth@(Sec)ure(Dat)a(.com)
Jul 17 '05 #4
On Thu, 17 Mar 2005 12:36:51 GMT, Michael Winter wrote:
> I would have thought that explicitly providing the URL would be
> better. Relying on an optional header is a bad idea, surely?


Of course, that's the safest. If his environment is controlled enough
(company internal web app) he might not need it. Which browsers or
platforms/setups are known for not providing the referrer?

--
Firefox Web Browser - Rediscover the web - http://getffox.com/
Thunderbird E-mail and Newsgroups - http://gettbird.com/
Jul 17 '05 #5
Ewoud Dronkert wrote:
> Which browsers or platforms/setups are known for not providing
> the referrer?


I recently upgraded Opera and by default it sent out my
referrer information. For what it's worth, I haven't
changed that yet.

I would advise against using $_SERVER['HTTP_REFERER']
without first checking not only that it is set, but also
that its value is in the form you're expecting. In short,
treat it as user input, because that's what it is.

news:MP************************@News.Individual.NE T

--
Jock
Jul 17 '05 #6
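
An added example (not code from any poster in this thread) of the set.php approach from reply #2 with the checks that replies #3 and #6 call for: sort values are matched against fixed lists, and the Referer is used only after validation, with an explicit URL as fallback. The column names, `SITE_HOST`, `DEFAULT_RETURN` and both helper function names are assumptions made for this example.

```php
<?php
// set.php (added example): store the sort preference in the session, then redirect.
declare(strict_types=1);
session_start();

// Assumed values for this example; adjust to the real list columns and site.
const SORT_COLUMNS   = ['title', 'date', 'author'];
const SORT_ORDERS    = ['asc', 'desc'];
const SITE_HOST      = 'www.example.com';        // configured, not taken from the request
const DEFAULT_RETURN = '/main.php?page=news';    // explicit target when Referer is unusable

// Return $value only if it is one of the allowed strings, else the default.
function pick_allowed(array $allowed, $value, string $default): string
{
    return (is_string($value) && in_array($value, $allowed, true)) ? $value : $default;
}

// Treat Referer as user input: accept it only for our own host and reduce it
// to path + query, so the Location header can never point at another site.
function safe_return_target(?string $referer): string
{
    if ($referer === null || $referer === '') {
        return DEFAULT_RETURN;                    // header is optional and may be absent
    }
    $parts = parse_url($referer);
    if (!is_array($parts) || strcasecmp($parts['host'] ?? '', SITE_HOST) !== 0) {
        return DEFAULT_RETURN;
    }
    $path = $parts['path'] ?? '/';
    // "//host" and "/\host" are read by browsers as another origin.
    if (strncmp($path, '//', 2) === 0 || strpos($path, '\\') !== false) {
        return DEFAULT_RETURN;
    }
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

$_SESSION['sortcol']   = pick_allowed(SORT_COLUMNS, $_GET['sortcol'] ?? null, 'title');
$_SESSION['sortorder'] = pick_allowed(SORT_ORDERS, $_GET['sortorder'] ?? null, 'asc');

// 303 makes the browser fetch the list page with GET, leaving a clean address bar.
header('Location: ' . safe_return_target($_SERVER['HTTP_REFERER'] ?? null), true, 303);
exit;
```

main.php then calls session_start() and reads the two session values; because both can only ever hold entries from the fixed lists, they can be placed in an ORDER BY clause without further escaping.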
Ewoud Dronkert wrote:
> On Thu, 17 Mar 2005 12:36:51 GMT, Michael Winter wrote:
>> I would have thought that explicitly providing the URL would be
>> better. Relying on an optional header is a bad idea, surely?
> Of course, that's the safest. If his environment is controlled enough
> (company internal web app) he might not need it.

True. It's also possible that the OP isn't aware that the Referer
[sic] header is optional, and that this /is/ for the Web. :P That's
the only reason why I brought it up.

> Which browsers or platforms/setups are known for not providing the
> referrer?


None spring to mind at the moment. However, all of the user agents I
can remember using have provided me with the ability to disable the
header. Whether disabling the header is a good idea or not is not up
for debate: it is the user's choice to make. It might also be the
choice of a third-party and the user may have no control over that
decision.

Mike

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.
Jul 17 '05 #7
Kenneth Downs wrote:
> André Gasser wrote:
>> now my question is, if it's possible to hide those values, so they
>> don't appear on the url, but sorting should work anyway. This means
>> that
>
> You need to know about the HTML technology of forms and the "post" action,
> and the PHP array $_POST.
>
> Try this, then look up the HTML spec at www.w3c.org and reread the tutorial
> to PHP:
>
> <form action="someprogram.php" method="post">
> Type something here: <input name="test"/>
> <button type="submit">Submit</button>
> </form>
>
> Then make someprogram.php:
>
> <?php
> // Escape the submitted value before echoing it back into the page.
> echo "You entered: ".htmlspecialchars($_POST["test"] ?? "", ENT_QUOTES, "UTF-8");
> ?>
>
> Whether or not you store these preferences in a session or a database is
> another discussion.

Yup use forms and/or sessions to hide the info, a database table is
another option, guess it depends how sensitive the GET parms are. If you
can then do it server side.
Jul 17 '05 #8
NSpam wrote:
> Kenneth Downs wrote:
>> André Gasser wrote:
>>> now my question is, if it's possible to hide those values, so they
>>> don't appear on the url, but sorting should work anyway. This means
>>> that
>>
>> You need to know about the HTML technology of forms and the "post"
>> action, and the PHP array $_POST.
>>
>> Try this, then look up the HTML spec at www.w3c.org and reread the
>> tutorial to PHP:
>>
>> <form action="someprogram.php" method="post">
>> Type something here: <input name="test"/>
>> <button type="submit">Submit</button>
>> </form>
>>
>> Then make someprogram.php:
>>
>> <?php
>> // Escape the submitted value before echoing it back into the page.
>> echo "You entered: ".htmlspecialchars($_POST["test"] ?? "", ENT_QUOTES, "UTF-8");
>> ?>
>>
>> Whether or not you store these preferences in a session or a database is
>> another discussion.
>
> Yup use forms and/or sessions to hide the info, a database table is
> another option, guess it depends how sensitive the GET parms are. If you
> can then do it server side.


I've been meaning to run some definitive speed tests to determine relative
speeds of db queries vs includes (with various path depths) vs extra bytes
on the wire for hidden inputs, but I'm just too durn lazy, it keeps getting
pushed back.

--
Kenneth Downs
Secure Data Software, Inc.
(Ken)nneth@(Sec)ure(Dat)a(.com)
Jul 17 '05 #9
