I have an edit page that looks at record_id's in the URL. I don't want the user to see any record ID, that way they can't replace it with another and edit another record.
Anyways, my url is like:
http://www.mywebsite.com/folder/folder_detail_edit.php?recordID=3980
I would like it to just display:
http://www.mywebsite.com/folder/folder_detail_edit.php
Is this possible regardless of the recordID???
You should use the HTTP POST method to send this data to the server; this way, it won't be visible in the URL.
Take a look here
The central problem is not that the record ID is visible and thus can be replaced but that your application allows your users to modify all records. That’s an authorization problem. And hiding the ID does not solve that since the record has to be identified somehow.
You should instead implement some authorization mechanism so that your users can only access and modify those records that they are allowed to.
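The ownership check the second answer recommends, as an added example that is not part of the original thread: it assumes a hypothetical `records` table with an `owner_id` column and a user ID taken from the server-side session, and the function names and sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: two users, each owning one record (in-memory SQLite).
function sample_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, title TEXT)');
    $db->exec("INSERT INTO records VALUES (3980, 1, 'Alice draft'), (3981, 2, 'Bob draft')");
    return $db;
}

// Ownership is part of the WHERE clause, so an ID the user does not own returns nothing.
function load_owned_record(PDO $db, int $userId, int $recordId): ?array {
    $stmt = $db->prepare('SELECT id, title FROM records WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $recordId, ':owner' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The UPDATE carries the same ownership condition; true only if a row was changed.
function update_owned_record(PDO $db, int $userId, int $recordId, string $title): bool {
    $stmt = $db->prepare('UPDATE records SET title = :title WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':title' => $title, ':id' => $recordId, ':owner' => $userId]);
    return $stmt->rowCount() === 1;
}

// Edit-page handler (hypothetical). The user ID comes from the server-side session;
// the record ID comes from the request, and GET or POST makes no difference to the check.
function handle_edit(PDO $db, ?int $sessionUserId, $rawRecordId, ?string $newTitle = null): int {
    if ($sessionUserId === null) {
        return 401; // not logged in
    }
    $recordId = filter_var($rawRecordId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($recordId === false) {
        return 400; // malformed record ID
    }
    if ($newTitle !== null) {
        return update_owned_record($db, $sessionUserId, $recordId, $newTitle) ? 200 : 404;
    }
    return load_owned_record($db, $sessionUserId, $recordId) === null ? 404 : 200;
}

$db = sample_db();
var_dump(handle_edit($db, 1, '3980', 'Alice final')); // user 1 edits their own record
var_dump(handle_edit($db, 1, '3981', 'tampered'));    // user 1 submits user 2's record ID
var_dump(load_owned_record($db, 2, 3981));            // user 2's record as stored afterwards
```

Returning the same 404 for "does not exist" and "not yours" avoids confirming which record IDs are in use.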