Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

.htaccess and forms

Options
  • 28-01-2010 11:03pm
    #1
    Reamer Fanny
    Closed Accounts Posts: 2,828 ✭✭✭


    Does anyone know how, if possible you can hide form variables using .htaccess or any other method. Let's say you post to a form customer.php, in the address bar you would have something like http://somesite.com/customer.php?firstname=ryan how can you hide the variables, I want to prevent people being able to manipulate these from the address bar.


Comments

  • Options
    #2
    Webmonkey
    Registered Users Posts: 9,579 ✭✭✭Webmonkey


    Well that's a GET request, maybe you should be posting


  • Options
    #3
    NeverSayDie
    Registered Users Posts: 515 ✭✭✭NeverSayDie


    As per Webmonkey's post, look up the difference between GET and POST - see here for detailed version;
    http://carsonified.com/blog/dev/the-definitive-guide-to-get-vs-post/

    Also keep in mind that just because the user can't see the form input in the URLs, doesn't mean they can't easily send you whatever form input they want. You must validate everything that comes from the client, regardless of what constraints you tried to put on the client - those were only suggestions to the user's browser, and they're easily ignored by someone who wants to do so. It's not something a casual user will be able to do (unlike fiddling the URL values as you mentioned), but it's pretty straightforward for someone who has a reasonable idea what they're doing.


Advertisement