
Encoding URL parameters

Hi
I was wondering about disguising/encoding URLs containing data from the database. For example, on my site, I have a URL which is mydomain.com/messages?thread=6

6 is the number for that thread. On my site, a thread is a series of private messages between 2 people. But someone could then change the thread number to try to see private threads between other users… I do always check that the logged-in user has privileges to view the thread. But I feel a bit insecure about passing database IDs around all over the site. Do people generally encode URLs containing database info?
Thanks
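
The check the post describes (confirming the logged-in user may view the thread before returning it), as an added example that is not part of the original post. The `threads` table, its `user_a`/`user_b` columns and the `loadThreadForUser` helper are assumptions made for illustration; the rows are constructed sample data.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite standing in for the site's database.
// Table and column names are assumptions, not the poster's schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE threads (id INTEGER PRIMARY KEY, user_a INTEGER NOT NULL, user_b INTEGER NOT NULL)');
$pdo->exec('INSERT INTO threads (id, user_a, user_b) VALUES (5, 10, 11), (6, 12, 13)');

/**
 * Hypothetical helper: return the thread row only if $userId is a participant.
 * The ownership test is part of the query, so a thread the user is not in
 * looks exactly like a thread that does not exist.
 */
function loadThreadForUser(PDO $pdo, mixed $rawThreadId, int $userId): ?array
{
    // Accept only a positive integer; values such as "abc" or "-1" are rejected.
    $threadId = filter_var($rawThreadId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($threadId === false) {
        return null;
    }
    // Prepared statement: the id is bound as data, never concatenated into SQL.
    $stmt = $pdo->prepare(
        'SELECT id, user_a, user_b FROM threads
         WHERE id = :id AND (user_a = :ua OR user_b = :ub)'
    );
    $stmt->execute([':id' => $threadId, ':ua' => $userId, ':ub' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In a real request these would come from the session and from $_GET['thread'].
$loggedInUser = 10; // constructed: user 10 participates in thread 5 only
foreach (['5', '6', 'abc', '999'] as $requested) {
    $thread = loadThreadForUser($pdo, $requested, $loggedInUser);
    // Same response for "not yours" and "does not exist", so ids cannot be probed.
    printf("thread=%s -> %s\n", $requested, $thread === null ? '404 Not Found' : '200 OK');
}
```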

PHP
