开发者

Securing variables carried in links

开发者 https://www.devze.com 2023-03-08 23:59 出处:网络
Is there a way to secure variables carried in links in PHP when moving information from one page to another? so that the passport number does not show on the address bar in its original form for secur

Is there a way to secure variables carried in links in PHP when moving information from one page to another? so that the passport number does not show on the address bar in its original form for security purposes.

<a开发者_Go百科 href=\"edit_employee.php?$employee[passport_number]\">" . $row['first_name'];> 


The simple answer to this question is there isn't, by placing a "sensitive" piece of information in the URL you make it public (to anyone who sees that URL when using the site). There are a number of ways to "hide" the data in the URL by encoding it, but they don't really protect the data.

The only option, if you want it in the URL, left is to encrypt the information with a two-way encryption scheme. This is CPU intensive and probably not necessary.

As deceze and Alex Coles suggested, one way to handle this is to assign each employee a random id number unique to them, and then use this number to pull the sensitive information from the database, preventing it from ever being placed in the URL. Given your need for search (per your comment) this solution seems the most appropriate, consider this example:

Employee Name: John Doe

Passport#: 123456789

Employee ID: 2899

When you are writing your search code, simply return a link like this:

<a href=\"edit_employee.php?$employee[employee_id]\">" . $row['first_name'];> 

then on the edit_employee.php page simply pull the employee information from the database using the id number.

Hope this helps.


use urlencode()

<?php
$link = 'edit_employee.php?passport_number=' . urlencode($employee[passport_number]);
echo "<a href=\"$link\">test</a>";

-- edit --

if you don't want it to be shown on address bar, use $_COOKIE or $_SESSION

    <?php
    // a.php
    setcookie('number', $employee[passport_number]);
// or $_SESSION['number'] = $employee[passport_number];


    <?php
    //b.php
    echo $_COOKIE['number'];
// or $_SESSION['number']


You could store the employee passport number in a session, but it would be better to use a unique ID for employees, rather than referencing them by passport number.


When getting the variable from URL, you can probably specify the type of variable in the url, for example $passport_number=(int)$_GET['passport_number'];

0

精彩评论

暂无评论...
验证码 换一张
取 消