Hi
I'm trying to pass variables to php pages without using a querystring or GET in a secure manner.
I have a Do-While loop that pulls fields from a DB, ie
<?if (mysql_num_rows($result))
{
do{
?>
<a href="edit_file.php?id=<?=$row['id']?>"><?=$row['name']?></a><br>
<?}
}while($row = mysql_fetch_array($result))
?>
Obviously this is insecure as it creates URLs like edit_file.php?id=7 which can be hacked.
I cant use $_SESSION['id']=$row['id'] because the session variable will always be set to the last id once the loop is finished, so regardless of which link is clicked when edit_file.php queries $_SESSION['id'] it'll return the last id in the above loop. I cant use a POST form as I want a clickable link...
Can anyone offer an alternative approach?
cheers
I'm trying to pass variables to php pages without using a querystring or GET in a secure manner.
I have a Do-While loop that pulls fields from a DB, ie
<?if (mysql_num_rows($result))
{
do{
?>
<a href="edit_file.php?id=<?=$row['id']?>"><?=$row['name']?></a><br>
<?}
}while($row = mysql_fetch_array($result))
?>
Obviously this is insecure as it creates URLs like edit_file.php?id=7 which can be hacked.
I cant use $_SESSION['id']=$row['id'] because the session variable will always be set to the last id once the loop is finished, so regardless of which link is clicked when edit_file.php queries $_SESSION['id'] it'll return the last id in the above loop. I cant use a POST form as I want a clickable link...
Can anyone offer an alternative approach?
cheers