I have a form with multiple fields that I POST to a php page. The data is used to query a mysql database and is put into an html table.
But I wrap the ID of the results in an HREF. That way once you have a list of items clicking on this link sends the ID to another php page which gives you more information about it. See?
My issue is this HREF. It takes this form:
<A HREF='http://www.htmlforums.com/archive/index.php/moredetails.php?search_id=". $row['ID'] ."'>More details</A>");
Now this is an automatic GET (or so it seems) and the whole string "moredetails.php?search_id=number" is displayed in the address bar.
I don't want that. For security purposes I want to use POST. How can I do it with this linking method?put the data in a hidden input in a form, and use an onclick event in the anchor to perform submit action...
but wouldn't it be better to use a session variable?A hidden element can still be seen and changed, so it really isn't that much more secure. It might be more work but if you're going for security the best way would probably be to store the id in a session.for that sessions are over kill. plus klunky. cause after each time the page is worked up you would have to delete the session. so in case they pick another one. if you have more than one detail on each page it wouldn't work anyway.
I would use the GET method anyway. that way it will be tracked by the search engines as well.I suppose it doesn't matter actually. I'd just like to hide the passed variables from the address bar.well you could still do it as a hidden form element so that means have a small form for each detail. then you could use post. really doesn't matter which way you go.
But I wrap the ID of the results in an HREF. That way once you have a list of items clicking on this link sends the ID to another php page which gives you more information about it. See?
My issue is this HREF. It takes this form:
<A HREF='http://www.htmlforums.com/archive/index.php/moredetails.php?search_id=". $row['ID'] ."'>More details</A>");
Now this is an automatic GET (or so it seems) and the whole string "moredetails.php?search_id=number" is displayed in the address bar.
I don't want that. For security purposes I want to use POST. How can I do it with this linking method?put the data in a hidden input in a form, and use an onclick event in the anchor to perform submit action...
but wouldn't it be better to use a session variable?A hidden element can still be seen and changed, so it really isn't that much more secure. It might be more work but if you're going for security the best way would probably be to store the id in a session.for that sessions are over kill. plus klunky. cause after each time the page is worked up you would have to delete the session. so in case they pick another one. if you have more than one detail on each page it wouldn't work anyway.
I would use the GET method anyway. that way it will be tracked by the search engines as well.I suppose it doesn't matter actually. I'd just like to hide the passed variables from the address bar.well you could still do it as a hidden form element so that means have a small form for each detail. then you could use post. really doesn't matter which way you go.