[SOLVED] Â How to pass variable through URL to external page securely |
3/12/2014 10:28:10 AM |
PHPRunner General questions | |
A
Abul author
I had an issue to create pdf from my order list page on the fly by using FPDF lib. I posted the issue to get help here. Fortunately I had solved by myself by passing variable through URL. However it created a security issue. Because the variable is visible on the external URL page which can be editable and easy to access to another unauthorized record by different user. I have solved this issue and now I am intending to post here if anyone gets help if they have the same issue as well as to find any hole in my code if anyone sees into it for further improvement. What this will do for you, it will pass your recordID from list page to external page through URL. Visitor can see the recordID on their URL address bar but they cannot edit the recordID to unauthorized access to another record. $var = $data["id"]; (id is for order table)
$var=$_GET['ord_id'];
You are done. Your new URL will be similar to http://localhost/test1/ord.php?ord_id=42&anyword=1d18ef5dfaea4681062809ea679c1582
Off topic: “FAIL” doesn’t mean you are fail rather it’s mean First Attempt In Learning. |
|
P
|
phenicie 3/13/2014 |
Thanks for sharing. That is a valuable add! i am not qualified to point out any holes though. |