Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Support Hide parameter from URL
Hide parameter from URL
  • Offline Corsari
    Member
  • ***
  • Posts: 104
    Threads: 25
    Joined: Jun 2017
    Reputation: 4
#11
05-06-2023, 01:22 AM
(This post was last modified: 05-06-2023, 01:23 AM by Corsari.)

(05-05-2023, 10:28 PM)InsiteFX Wrote: I actually use both methods, sessions and form hidden fields.

so no EXCLUSIVE use of the URL Helper and its facilities to get and set URL query strings
Reply
  • Offline Corsari
    Member
  • ***
  • Posts: 104
    Threads: 25
    Joined: Jun 2017
    Reputation: 4
#12
05-06-2023, 08:24 AM
(This post was last modified: 05-06-2023, 08:28 AM by Corsari.)

More than hiding is meant to avoid using sessions and hidden fields

I'm wondering about CI URL helper , CI Form helper and PHP native http_build_query()

I mean: get , eventually modify and return to view the query string but managing itself as property or variable to be passed from view forms to controllers and vice-versa, ending up to don't see anymore the query string in the URL

no more query string not as an aim/goal, but as simple consequence.

Obviously, hovering on the view links, you will see the full URL with the query string, but because it then needs to be sent back to some controller.
Reply
#13
05-06-2023, 06:09 PM

I don't know for certain but I don't think what you're actually looking for is possible. I don't believe it's possible to use URL helper within a controller to make changes to the user's browser to strip out the query string or any part of the URL. You also mention another issue: if a user is hovering their mouse over a link, and the ID of the item you want to send them to in that link, then they can just copy and paste that link and play with it on their own.

If you want to send a user to an endpoint that shows them a specific record in a database somewhere, using PHP alone, I don't think you have any choice but to put SOME kind of identifier in the URL or in the query string.

However, I don't think you should be particularly scared about sending users to URLs with specific IDs in the URL, with the following caveats:

1) When I am faced with this problem, I am almost always using a role based solution. A record in a database has some kind of information to identify that the user who is logged in or viewing the record has the right permissions. If they don't, the system should redirect them to another page. That way, users cannot play with IDs in URLs and try to see something they shouldn't.

2) If there is no role based solution you can employ but you are concerned with sending users to very simple IDs (such as /someurl/1 for example) then you could generate a UUID for every row in your database and use this as your navigation. If employed correctly, each UUID will be completely unique and will be essentially unguessable. There are lots of softwares on the market using this as their solution.

Finally, as another potential solution that goes beyond URLs, if you were using JavaScript as your front end and the application was communicating with Codeigniter as a backend API, you'd have more choices on how to obfuscate the actual IDs but I imagine this is an overly complicated solution for your situation.

Again, I really don't see how you can achieve what you're looking to do, at least as I understand it, but others on this forum might know better on how to actually remove information from the URL after the user has arrived there.
Reply
  • Offline InsiteFX
    Super Moderator
  • ******
  • Posts: 6,332
    Threads: 291
    Joined: Oct 2014
    Reputation: 235
#14
05-06-2023, 09:46 PM

READ:

Hiding URL Parameters With a PHP Redirect
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply




Theme © iAndrew 2016 - Forum software by © MyBB