logo-dw

Go Back   Dreamweaver Club Forums > Hand Coders Forum > PHP
Register FAQ Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
Old 03-13-2011, 04:56 AM   #1
woofy
woofy's Avatar
 
Join Date: Dec 2007
Location: San Diego
Posts: 57
Default Keeping URL variables from being modified?

Hi,

How do I make it so anyone can't modify the URL variables on a dynamic page?

For example... say I have the page (example.php?POINTS=10)

I don't want users to be able to just type 100 in the 10 spot to modify the input once its inserted into a database which pulls the info from the URL variable. So is there someway to lock the URL variables so they can't be changed?
woofy is offline   Reply With Quote
Old 03-13-2011, 05:15 PM   #2
DWcourse
DWcourse's Avatar
 
Join Date: Apr 2009
Posts: 3,276
Default

I don't believe there is anyway for you to control what users type in the address bar.
__________________
If my answer helped, check out DWcourse.com for Dreamweaver tips and tutorials.
DWcourse is offline   Reply With Quote
Old 03-13-2011, 06:43 PM   #3
woofy
woofy's Avatar
 
Join Date: Dec 2007
Location: San Diego
Posts: 57
Default

Yeah I couldn't find any solution so I changed it to session variables that create the values.
woofy is offline   Reply With Quote
Old 03-14-2011, 01:44 AM   #4
edbr
edbr's Avatar
 
Join Date: Aug 2005
Location: Bali
Posts: 11,203
Default

you could have defined variables as an array that are acceptable then checked against those values
__________________
If you're happy and you know it shake your meds!
different style links examples

Flight / Hotel search
Free script download
Bali Villas

Last edited by edbr; 03-14-2011 at 02:22 AM..
edbr is offline   Reply With Quote
Old 03-14-2011, 10:28 AM   #5
davidj
davidj's Avatar
 
Join Date: Sep 2005
Location: The Toon (newcastle upon Tyne)
Posts: 8,256
Default

never use querystrings to pass values which govern the operation of your App

cant you store the values in a database?
__________________
Would you like to learn PHP from me? Check out -> www.codezenith.co.uk
davidj is offline   Reply With Quote
Old 03-17-2011, 04:44 AM   #6
ranjan
 
Join Date: Dec 2004
Posts: 405
Default

You could use url encryption

http://www.owasp.org/index.php/How_to_protect_sensitive_data_in_URL's
ranjan is offline   Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 05:48 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, vBulletin Solutions, Inc.
Copyright 2006 DreamweaverClub.com