SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Enthusiast
    Join Date
    Apr 2012
    Location
    Poole, Dorset, United Kingdom
    Posts
    72
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Protecting Variables in URL

    Hi had a look around but not sure what the best way to handle this.

    I have a client site where they are setting up dates in a calender table. Approx 90 URLs in the table which grab the time stamp, client ID & staffID and sent it to the database depending on which hour / minute you select.

    createAppointment=Y&slotFromTime=1336723200&slotToTime=1336724040&clientID=1234&staffID=1234&timeSlotID=&month=07&day=11&year=2012&v=true

    The clientID and staffID at the moment are just taken straight from the DB. I need to encrypt change these so you cant just go in and change to a different client or staff. I wondered about using a timestamp when setting up the client ID and staff ID as two times are never going to be the same and it would be pretty difficult to guess a correct time stamp.

    Any thoughts or other ideas.
    Steve

  2. #2
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,509
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    How about storing the client ID and staff ID in session variables?

  3. #3
    SitePoint Enthusiast
    Join Date
    Apr 2012
    Location
    Poole, Dorset, United Kingdom
    Posts
    72
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Never thought of that!!

    Many thanks


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •