
I am developing a basic program to run online.

I noticed that using the address bar, after the ID tag, a person can type in a different id and go to that page.

E.g. for MessagesReceived.php?id=27, someone can type MessagesReceived.php?id=30 and go to id 30.

How can I avoid it?

Please help.

Thanks

PHP

6 Comments(s)

@Ruchith (author) Feb 16.2016 — Can anyone help me?

@ginerjm Feb 16.2016 — Don't use the GET method in your form - use POST instead.

@root Feb 17.2016 — You can't stop people from changing the data in the address bar. As advised, use POST, or you could use the PHP SESSION to track page numbers.

@Ruchith (author) Feb 17.2016 — That is true, I noticed it. But in some places, like picking a particular record, it can not be done without using POST, right? So then what can I do?

I will play around with the code and see if there is a way I can use the POST function. But if possible, let me know another way, ya.

@Ruchith (author) Feb 17.2016 — I just realised: is there a way that I can disable someone typing in the address bar? Else, how is it done here, using the ID number - MemberName?

Is it saved directly into the database, or is it called in at run time?

Hope you would have some time to answer my queries.

Thanks in advance.

@ginerjm Feb 17.2016 — As said before - you really SHOULD NOT use the GET method for this type of appl. Use POST! Simply change your form tag to say method='POST' and then in your PHP code use $_POST['fieldname'] instead of $_GET['fieldname']. Simple. And be sure to validate the inputs so that users don't try and hack your appl by entering malicious data.
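
Added example, not part of the original thread: whichever method carries the id, the browser can send a different value, so the page has to check on the server that the requested record belongs to the logged-in user. The code below validates the id and ties the lookup to the session user; the `messages` table, its columns, the `user_id` session key and the in-memory SQLite rows are assumptions constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table standing in for the real
// messages table (table and column names are assumptions, not from the thread).
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, recipient_id INTEGER, body TEXT)');
    $pdo->exec("INSERT INTO messages VALUES (27, 1, 'hello user 1'), (30, 2, 'hello user 2')");
    return $pdo;
}

// Returns the message row only if it belongs to $userId; null otherwise.
function fetch_own_message(PDO $pdo, int $userId, $rawId): ?array
{
    // Validate: the id must be a positive integer, whatever the user typed.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Authorize inside the query: the id alone never selects a row.
    $stmt = $pdo->prepare(
        'SELECT id, body FROM messages WHERE id = :id AND recipient_id = :uid'
    );
    $stmt->execute([':id' => $id, ':uid' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In MessagesReceived.php the call would look like this (session key assumed):
//   session_start();
//   $userId = $_SESSION['user_id'] ?? null;          // set at login
//   if ($userId === null) { http_response_code(401); exit; }
//   $row = fetch_own_message($pdo, (int) $userId, $_GET['id'] ?? null);
//   if ($row === null) { http_response_code(404); exit; }

// Demo run: user 1 asks for their own id, another user's id, and bad input.
$pdo = demo_db();
$userId = 1; // stands in for $_SESSION['user_id']
foreach (['27', '30', '27abc', null] as $requested) {
    $row = fetch_own_message($pdo, $userId, $requested);
    printf("id=%s -> %s\n", var_export($requested, true), $row ? $row['body'] : 'not found');
}
```

The same function works unchanged if the id arrives in `$_POST`, because the decision depends on the session user and not on how the id was sent.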