Web Analytics Made Easy -
StatCounter PHP value passing from one page to another without form - CodingForum

Announcement

Collapse
No announcement yet.

PHP value passing from one page to another without form

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • PHP value passing from one page to another without form

    Hello everyone, I want to know about value passing from one page to another without form and without showing in the URL. If there is a way to do this task please help me and suggest me. Thank you.

  • #2
    You can use PHP SESSION, cookies, hidden POST variables ...

    Give example of what you are trying to pass, and if the user is logged-in or not. Also, how many variables (values).

    There is more than one way to do this.

    Comment


    • #3
      for example:

      <a href='hello.php?s=4'>click me</a>

      in the above line of code i just want to hide the value of s in the URL when we click to the link. so that the user cannot s=4 in the url.

      Comment


      • #4
        And why do you want to hide the parameter?

        Actually, it would be helpful if you provided a real, actual case and some background information, not just a fantasy URL that doesn't really tell us anything.

        Comment


        • #5
          Hiding the value is pointless - all of the methods for passing values between pages can have the value being passed changed by the person using the browser whether the value is visible or hidden. Decent browsers hide the querystring except when the addressbar has the focus anyway.
          Stephen
          Learn Modern JavaScript - http://javascriptexample.net/
          Helping others to solve their computer problem at http://www.felgall.com/

          Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

          Comment


          • #6
            Are you hiding it for simple esthetic appearance of the URL address, or because you never want someone to see it?

            Comment


            • #7
              Originally posted by felgall View Post
              Hiding the value is pointless - all of the methods for passing values between pages can have the value being passed changed by the person using the browser whether the value is visible or hidden. Decent browsers hide the querystring except when the addressbar has the focus anyway.

              I think what he is wanting is to obfuscate the URL parameter so that a user cannot change the get parameter to s=5, s=6, s=7, etc.

              OP, you would need to encrypt/decrypt the GET parameter. There are numerous ways to go about it.

              If the parameter is "encrypted", no one is going to be able to know how to change the value to another valid value.

              So you would end up with something like
              Code:
              <a href='hello.php?s=e4da3b7fbbce2345d7772b0674318d5'>click me</a>
              Do a search for encrypt url parameters

              One option is to use UUID instead of sequential numbering.
              @Jaques1 comment on UUID's from another forum:

              MySQL uses a weak, obsolete UUID implementation which is based on the timestamp and the MAC address. While this may still be “good enough” for your purpose, a CSPRNG will provide actual randomness with no extra work.
              Here is an example implementation
              (The WHERE example data needs to be replaced with the data from the select example AFTER you run the INSERT. Insert whatever data for a user)

              PHP Code:
              CREATE TABLE `users` (
                
              id BINARY(16NOT NULL,
                
              user VARCHAR(15NOT NULL ,
                
              PRIMARY KEY (id)
              ENGINE=InnoDB DEFAULT CHARSET=utf8;

              // Insert 
              INSERT INTO users (idVALUES UNHEX(REPLACE(UUID(), '-''')) ) 

              //Select 
              SELECT hex(idFROM users

               
              //Select Where 
              SELECT user FROM users WHERE id unhex('A14CDAF7127511E696BE3085A9AE86BC')// Hexed value 

              There is more to be said on this subject. Perhaps @Jaques1 will provide more information for you.[
              Last edited by benanamen; Sep 7, 2016, 10:09 PM.
              To save time, lets just assume I am almost never wrong.

              The XY Problem
              The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.

              Make A Donation https://www.paypal.me/KevinRubio

              Comment


              • #8
                Originally posted by benanamen View Post
                If the parameter is "encrypted", no one is going to be able to know how to change the value to another valid value.
                They could just automate having it try values one by one until it finds one that works - note that the querystring is no less secure than using post or cookies as they get passed between the pages in a way that can be changed just as easily as the querystring when you know how - so if you consider encrypting the value to be worthwhile then you should do it regardless of the method used to pass it between pages.
                Stephen
                Learn Modern JavaScript - http://javascriptexample.net/
                Helping others to solve their computer problem at http://www.felgall.com/

                Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

                Comment


                • #9
                  As I said...

                  There is more to be said on this subject
                  It is basically Security By Obscurity. The average user is not going to be able to just change the value and make it work. OP has also not said exactly why he wants to do it. There may be a better solution depending on his needs.
                  Last edited by benanamen; Sep 7, 2016, 10:47 PM.
                  To save time, lets just assume I am almost never wrong.

                  The XY Problem
                  The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.

                  Make A Donation https://www.paypal.me/KevinRubio

                  Comment


                  • #10
                    Originally posted by benanamen View Post
                    The average user is not going to be able to just change the value
                    The average user wouldn't even want to change the value - anyone who wants to change values like that knows how to access the values to change them regardless of how they are being passed - After all they would have added an extension to their browser to make updating the headers as easy as updating the addressbar (well strictly speaking they'd have to make one more mouse click but that's trivial)
                    Stephen
                    Learn Modern JavaScript - http://javascriptexample.net/
                    Helping others to solve their computer problem at http://www.felgall.com/

                    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

                    Comment


                    • #11
                      The ability to change the value is a non-issue. It can easily be changed a number of ways. Changing the value to a valid value is a whole other thing.
                      Last edited by benanamen; Sep 7, 2016, 10:55 PM.
                      To save time, lets just assume I am almost never wrong.

                      The XY Problem
                      The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.

                      Make A Donation https://www.paypal.me/KevinRubio

                      Comment


                      • #12
                        Originally posted by benanamen View Post
                        Changing the value to a valid value is a whole other thing.
                        Only where the script reading it actually validates/sanitises the value before trying to use it - the number of newbies that simply copy the value for use without validating or at least sanitising it means that there is a reasonable chance of any value actually being processed by the script even when it is completely meaningless or even harmful.
                        Stephen
                        Learn Modern JavaScript - http://javascriptexample.net/
                        Helping others to solve their computer problem at http://www.felgall.com/

                        Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

                        Comment


                        • #13
                          You can use sessions to securely pass data between two pages. That is why they exists and excel over cookies (cookies store only the session key. Session data is stored server side)
                          If it needs to be passed via get/post request then you can add HAMAC to be sure parameters are not changed https://en.wikipedia.org/wiki/Hash-b...ntication_code
                          HTTPS already does the encrypting/decrypting. Why bother with own bad solutions?
                          Last edited by Vege; Sep 8, 2016, 07:05 AM.
                          Don't use old mysql library
                          The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Unicode and Character Sets
                          When a white horse is not a horse

                          Comment


                          • #14
                            I'm with the "use sessions" crowd -- don't send values client side if you don't have to! In fact, sending it client side is probably one of the DUMBEST things you can do since it opens the door to people screwing with it. Remember, anything you send client side has to be rechecked, revalidated, and becomes utterly and completely untrustworthy.

                            I've seen it time and time again where people send values client side that just open up security holes -- at least if they screw with a session key all they do is break the session and destroy the link to that data, instead of giving them free and open leave to mess with the data.
                            Walk the dark path, sleep with angels, call the past for help.
                            https://cutcodedown.com
                            https://medium.com/@deathshadow

                            Comment


                            • #15
                              It's funny how everybody speculates about security problems when the OP hasn't even said why they want to omit the URL parameter.

                              Comment

                              Working...
                              X