Welcome Guest, Not a member yet? Register   Sign In
Is there an easy way to work with parameters, but without seeing them in urls?

I'm working with some functions that require 3 or more parameters
I'm passing all of them in the url

Is there an easy way to avoid them showing in urls? Should I replace (in views) links with parameters by forms and hidden fields? Ajax? Encrypt Parameters?

I'd like users to avoid playing manually with parameters in the url


Possible solutions: hidden form-fields or session storage.

Though implementing it using the session for storage might be hassle, I can't really estimate it.

It really depends on what parameters you're talking about.

It may be possible just to hard code them into your controller??? If so they are safe and cannot be tampered with by the user.

Hidden form fields should NOT be used with the view of "preventing user tampering". It doesn't matter if it's in the URL as a parameter or a hidden input, you'll still need to validate it in your controller or model! There are numerous plugins and browser extensions that allow users to tamper with post data (ie, the values of hidden inputs).

Remember, EVERY piece of user input has to be validated, there is no easy way around this. If it's an db ID/primary_key in your url, you'll have to validate that its an int, etc.

Theme © iAndrew 2016 - Forum software by © MyBB