By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
454,409 Members | 1,604 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 454,409 IT Pros & Developers. It's quick & easy.

POST and GEt

P: n/a
Is there any way of sending a few variables through $_POST instead of $_GET
without FORMS ?
OR any way that sensitive details will not appear in the URL ?
Because I suppose if I want to delete a record from the database and I pass
the records _id through _GET i might have some problems with people
deleting records....
Jul 17 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
Angelos wrote:
Is there any way of sending a few variables through $_POST instead of
$_GET without FORMS ?
OR any way that sensitive details will not appear in the URL ?
Because I suppose if I want to delete a record from the database and
I pass the records _id through _GET i might have some problems with
people deleting records....


Use a hidden form...

Berislav
Jul 17 '05 #2

P: n/a
One quick glance of an experienced eye allowed to understand the blurred
and almost unreadable Berislav Lopac's handwriting:
Angelos wrote:
Is there any way of sending a few variables through $_POST instead of
$_GET without FORMS ?
OR any way that sensitive details will not appear in the URL ?
Because I suppose if I want to delete a record from the database and
I pass the records _id through _GET i might have some problems with
people deleting records....


Use a hidden form...

Berislav


In fact, you can even use PHP to send the POST data without the use of
forms. Such a topic has already been discussed here - try searching the
archives.

Cheers
Mike
Jul 17 '05 #3

P: n/a
Angelos wrote:
Is there any way of sending a few variables through $_POST instead of $_GET
without FORMS ?
OR any way that sensitive details will not appear in the URL ?
Because I suppose if I want to delete a record from the database and I pass
the records _id through _GET i might have some problems with people
deleting records....

Session variables.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jul 17 '05 #4

P: n/a
Now nothing stops peope from making their own forms and posting them to
your site, is there?

Jul 17 '05 #5

P: n/a
Angelos wrote:
Is there any way of sending a few variables through $_POST instead of $_GET without FORMS ?
OR any way that sensitive details will not appear in the URL ?
Because I suppose if I want to delete a record from the database and I pass the records _id through _GET i might have some problems with people
deleting records....


Either way (GET or POST), that's a sure-fire way of getting your site
and database getting fucked over by hackers. If someone wants to break
your site, it's just as easy to do with POST as with GET.

In your script, you must check whether the user is authorised to
perform delete operations. That way, it doesn't matter whether you use
GET or POST.

*ALWAYS* validate user input!!

--
Oli

Jul 17 '05 #6

P: n/a

"Oli Filth" <ca***@olifilth.co.uk> wrote in message
news:11**********************@z14g2000cwz.googlegr oups.com...
Angelos wrote:
Is there any way of sending a few variables through $_POST instead of $_GET
without FORMS ?
OR any way that sensitive details will not appear in the URL ?
Because I suppose if I want to delete a record from the database and

I pass
the records _id through _GET i might have some problems with people
deleting records....


Either way (GET or POST), that's a sure-fire way of getting your site
and database getting fucked over by hackers. If someone wants to break
your site, it's just as easy to do with POST as with GET.

In your script, you must check whether the user is authorised to
perform delete operations. That way, it doesn't matter whether you use
GET or POST.


This is not possible because user will always be able to delete records...
or at list an administrator of the site.
Anyway .... I still didn't understand if I can only send them throu session
or I can with POST as well.. but thats ok...
Thanks *ALWAYS* validate user input!! I will !!!
--
Oli

Jul 17 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.