PDA

View Full Version : Keeping URL variables from being modified?


woofy
03-13-2011, 04:56 AM
Hi,

How do I make it so anyone can't modify the URL variables on a dynamic page?

For example... say I have the page (example.php?POINTS=10)

I don't want users to be able to just type 100 in the 10 spot to modify the input once its inserted into a database which pulls the info from the URL variable. So is there someway to lock the URL variables so they can't be changed?

DWcourse
03-13-2011, 05:15 PM
I don't believe there is anyway for you to control what users type in the address bar.

woofy
03-13-2011, 06:43 PM
Yeah I couldn't find any solution so I changed it to session variables that create the values.

edbr
03-14-2011, 01:44 AM
you could have defined variables as an array that are acceptable then checked against those values

davidj
03-14-2011, 10:28 AM
never use querystrings to pass values which govern the operation of your App

cant you store the values in a database?

ranjan
03-17-2011, 04:44 AM
You could use url encryption

http://www.owasp.org/index.php/How_to_protect_sensitive_data_in_URL's