469,327 Members | 1,333 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,327 developers. It's quick & easy.

Hide GET Variables --> Pass values using Session

Hello there!

Can someone please help me on this:
I have a php file which lists some records. On this list, the records
can be sorted on different columns. currently the sort column and the
direction of sorting is passed using GET values, this means the user
clicks the column name (which is a link) so the new sort column and
direction is passed to the script

<a href="main.php?page=news&sortfield=title&sortorder =asc">
now my question is, if it's possible to hide those values, so they
don't appear on the url, but sorting should work anyway. This means
that

1. when user clicks on column, the new sort order has to be set
2. page has to be reloaded, so new sort order gets displayed.

I'd like to do this using sessions, but I don't know how to update a
session value, when clicking on a link wihtout using GET values...
can someone give me a tip? like I said, the idea is to completely hide
the url GET values... Sessions are ok.

Thank you very much for your help here..

André
Jul 17 '05 #1
8 18609
On 17 Mar 2005 03:55:57 -0800, André Gasser wrote:
the idea is to completely hide the url GET values... Sessions are ok.


I don't think you can remove them from the link, you can get them out of
the address bar though, for example like this:

Write the link <a href="set.php?sortcol=name&sortorder=asc">. Let
set.php be a script without any output. Set session variables there
$_SESSION['sortcol']=$_GET['sortcol'] (with appropriate checks for
safety) and use header() to go back to $_SERVER['HTTP_REFERER']. Include
session_start() at top of every script.
--
Firefox Web Browser - Rediscover the web - http://getffox.com/
Thunderbird E-mail and Newsgroups - http://gettbird.com/
Jul 17 '05 #2
Ewoud Dronkert wrote:
[...] use header() to go back to $_SERVER['HTTP_REFERER'].


I would have thought that explicitly providing the URL would be
better. Relying on an optional header is a bad idea, surely?

Mike

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.
Jul 17 '05 #3
André Gasser wrote:


now my question is, if it's possible to hide those values, so they
don't appear on the url, but sorting should work anyway. This means
that


You need to know about the HTML technology of forms and the "post" action,
and the PHP array $_POST.

Try this, then look up the HTML spec at www.w3c.org and reread the tutorial
to PHP:

<form action="someprogram.php" method="post">
Type something here: <input name="test"/>
<button type="submit"/>
</form>

Then make someprogram.php:

<?php
echo "You entered: ".$_POST["test"];
?>

Whether or not you store these preferences in a session or a database is
another discussion.
--
Kenneth Downs
Secure Data Software, Inc.
(Ken)nneth@(Sec)ure(Dat)a(.com)
Jul 17 '05 #4
On Thu, 17 Mar 2005 12:36:51 GMT, Michael Winter wrote:
I would have thought that explicitly providing the URL would be
better. Relying on an optional header is a bad idea, surely?


Of course, that's the safest. If his environment is controlled enough
(company internal web app) he might not need it. Which browsers or
platforms/setups are known for not providing the referrer?

--
Firefox Web Browser - Rediscover the web - http://getffox.com/
Thunderbird E-mail and Newsgroups - http://gettbird.com/
Jul 17 '05 #5
Ewoud Dronkert wrote:
Which browsers or platforms/setups are known for not providing
the referrer?


I recently upgraded Opera and by default it sent out my
referrer information. For what it's worth, I haven't
changed that yet.

I would advise against using $_SERVER['HTTP_REFERER']
without first checking not only that it is set, but also
that its value is in the form you're expecting. In short,
treat it as user input, because that's what it is.

news:MP************************@News.Individual.NE T

--
Jock
Jul 17 '05 #6
Ewoud Dronkert wrote:
On Thu, 17 Mar 2005 12:36:51 GMT, Michael Winter wrote:
I would have thought that explicitly providing the URL would be
better. Relying on an optional header is a bad idea, surely?
Of course, that's the safest. If his environment is controlled enough
(company internal web app) he might not need it.


True. It's also possible that the OP isn't aware that the Referer
[sic] header is optional, and that this /is/ for the Web. :P That's
the only reason why I brought it up.
Which browsers or platforms/setups are known for not providing the
referrer?


None spring to mind at the moment. However, all of the user agents I
can remember using have provided me with the ability to disable the
header. Whether disabling the header is a good idea or not is not up
for debate: it is the user's choice to make. It might also be the
choice of a third-party and the user may have no control over that
decision.

Mike

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.
Jul 17 '05 #7
Kenneth Downs wrote:
André Gasser wrote:


now my question is, if it's possible to hide those values, so they
don't appear on the url, but sorting should work anyway. This means
that

You need to know about the HTML technology of forms and the "post" action,
and the PHP array $_POST.

Try this, then look up the HTML spec at www.w3c.org and reread the tutorial
to PHP:

<form action="someprogram.php" method="post">
Type something here: <input name="test"/>
<button type="submit"/>
</form>

Then make someprogram.php:

<?php
echo "You entered: ".$_POST["test"];
?>

Whether or not you store these preferences in a session or a database is
another discussion.

Yup use forms and/or sessions to hide the info, a database table is
another option, guess it depends how sensitive the GET parms are. If you
can then do it server side.
Jul 17 '05 #8
NSpam wrote:
Kenneth Downs wrote:
André Gasser wrote:


now my question is, if it's possible to hide those values, so they
don't appear on the url, but sorting should work anyway. This means
that

You need to know about the HTML technology of forms and the "post"
action, and the PHP array $_POST.

Try this, then look up the HTML spec at www.w3c.org and reread the
tutorial to PHP:

<form action="someprogram.php" method="post">
Type something here: <input name="test"/>
<button type="submit"/>
</form>

Then make someprogram.php:

<?php
echo "You entered: ".$_POST["test"];
?>

Whether or not you store these preferences in a session or a database is
another discussion.

Yup use forms and/or sessions to hide the info, a database table is
another option, guess it depends how sensitive the GET parms are. If you
can then do it server side.


I've been meaning to run some definitive speed tests to determine relative
speeds of db queries vs includes (with various path depths) vs extra bytes
on the wire for hidden inputs, but I'm just too durn lazy, it keeps getting
pushed back.

--
Kenneth Downs
Secure Data Software, Inc.
(Ken)nneth@(Sec)ure(Dat)a(.com)
Jul 17 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

9 posts views Thread by Greg Linwood | last post: by
8 posts views Thread by Tim W. | last post: by
2 posts views Thread by dana lees | last post: by
6 posts views Thread by kath | last post: by
6 posts views Thread by =?Utf-8?B?U2hhd24gU2VzbmE=?= | last post: by
6 posts views Thread by =?Utf-8?B?Unlhbg==?= | last post: by
reply views Thread by zhoujie | last post: by
reply views Thread by listenups61195 | last post: by
reply views Thread by Purva khokhar | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.