Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

.htaccess and forms

  • 28-01-2010 11:03PM
    #1
    Reamer Fanny
    Closed Accounts Posts: 2,828 ✭✭✭


    Does anyone know how, if possible you can hide form variables using .htaccess or any other method. Let's say you post to a form customer.php, in the address bar you would have something like http://somesite.com/customer.php?firstname=ryan how can you hide the variables, I want to prevent people being able to manipulate these from the address bar.


Comments

  • #2
    Webmonkey
    Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    Well that's a GET request, maybe you should be posting


  • #3
    NeverSayDie
    Registered Users, Registered Users 2 Posts: 515 ✭✭✭NeverSayDie


    As per Webmonkey's post, look up the difference between GET and POST - see here for detailed version;
    http://carsonified.com/blog/dev/the-definitive-guide-to-get-vs-post/

    Also keep in mind that just because the user can't see the form input in the URLs, doesn't mean they can't easily send you whatever form input they want. You must validate everything that comes from the client, regardless of what constraints you tried to put on the client - those were only suggestions to the user's browser, and they're easily ignored by someone who wants to do so. It's not something a casual user will be able to do (unlike fiddling the URL values as you mentioned), but it's pretty straightforward for someone who has a reasonable idea what they're doing.


Advertisement