
Passing the Value to other page using ahref

P: 25
Hello everyone, I just saw the same thread below but was not able to get it from that.
Well, the problem is that in the userlist page I have a list of users in the database, which I get from simple SQL queries. On the same page, beside each user, I have a delete link. Also, inside the while loop that runs the SQL and prints the user names, I have some variable, say $userid = $row["userid"]. But I am not sure how I am going to transfer this $userid to the other page when the Delete URL is clicked.

The current URL for the Delete link is [PHP] href='adminlogin.php?mode=user_delete' [/PHP]
and I am using an if statement in my main adminlogin.php page, so I have [PHP]
if ($_GET['mode'] == "user_delete")
{
include "user_delete.php";
}
[/PHP]

So now how can I pass the value of userid when the Delete URL is clicked?

Any thoughts or ideas would be highly appreciated.
Feb 16 '07 #1


P: 25
I think I just got the solution... It's working now...

I used the href link as <a href='adminlogin.php?mode=user_delete&userid=<?php echo $userid; ?>'>
and it worked...
Feb 16 '07 #2

ronverdonk
Expert 2.5K+
P: 4,258
Just pass the userid in the url parameter, like
[php]href='adminlogin.php?mode=user_delete&user=$user'[/php]

Since this is a GET call, you better verify all parameter values passed very thoroughly, otherwise some hacker might just try to call your delete script passing millions of guessed userids!

Ronald :cool:
Feb 16 '07 #3

P: 25
Just pass the userid in the url parameter, like
[php]href='adminlogin.php?mode=user_delete&user=$user'[/php]

Since this is a GET call, you better verify all parameter values passed very thoroughly, otherwise some hacker might just try to call your delete script passing millions of guessed userids!

Ronald :cool:
Hey, thanks a lot Ronverdonk... I didn't know about that, I mean the GET problem. So in order to stop people from trying random userids, what is a good idea to follow? Or is there any alternative to using $_GET? I am not very familiar with security issues, so could you please enlighten me on this?

Thanks again ,
Feb 16 '07 #4

ronverdonk
Expert 2.5K+
P: 4,258
The url and the parameters show up in the address bar of the browser. So someone could get an idea (and you bet it will happen) and try out all kinds of tricks with that.

So to start you must always sanitize the data you get in your program. To remove any unwanted appended code, save the passed userid after cleansing it, like this:
[php]$userid = trim(strip_tags($_GET['userid']));[/php]

Then see if you have a maximum length for any userid. Let's say it is 5, so check the length.
[php]if (strlen($userid) > 5)
die ("Invalid userid");
[/php]
When your userids must consist of only characters and digits, you check that. And you check that passed userid until you are (relatively) sure that it is a valid userid.

Ronald :cool:
Feb 16 '07 #5
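
The checks described in post #5 (trim, maximum length, letters and digits only), combined into one allow-list validator and followed by a parameterized delete. This is an added example, not code from the thread; the function names, the `users` table layout and the in-memory SQLite database are assumptions made so that it runs stand-alone.

```php
<?php
// Added example, not from the thread. Assumed names: validate_userid(),
// delete_user(), and a table `users` with a text column `userid`.

const USERID_MAX_LEN = 5; // the example limit used in post #5

// Return the cleaned userid if it passes every check, or null otherwise.
function validate_userid($raw): ?string
{
    if (!is_string($raw)) {          // ?userid[]=x arrives as an array
        return null;
    }
    $userid = trim($raw);
    if ($userid === '' || strlen($userid) > USERID_MAX_LEN) {
        return null;
    }
    // Allow-list: accept only letters and digits, reject everything else.
    return ctype_alnum($userid) ? $userid : null;
}

// Delete using a bound parameter; true only if exactly one row was removed.
function delete_user(PDO $db, string $userid): bool
{
    $stmt = $db->prepare('DELETE FROM users WHERE userid = :userid');
    $stmt->execute([':userid' => $userid]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid TEXT PRIMARY KEY)');
$db->exec("INSERT INTO users VALUES ('ab12'), ('zz9')");

// Constructed inputs standing in for $_GET['userid'].
$samples = ['ab12', ' zz9 ', 'toolong', "a';--", ['x'], 'none'];
foreach ($samples as $raw) {
    $userid = validate_userid($raw);
    if ($userid === null) {
        $result = 'rejected';
    } else {
        $result = delete_user($db, $userid) ? 'deleted' : 'no such user';
    }
    echo json_encode($raw), ' => ', $result, PHP_EOL;
}
```

Format checks only reject malformed values: a well-formed guessed userid still reaches the DELETE, so the script also has to confirm that the caller is a logged-in administrator before running it.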

P: 25
Hey Ronald,
Thanks a lot for the details. I will try to see what I can do to make it more secure. I really appreciate your help.
Feb 16 '07 #6
