Hi, I have developed a web application in PHP wherein I have to pass many values like user id, order id, session id etc. in the query string for proper functioning. The site is working perfectly. The problem is that when I change any one of the query string values, the respective page gets loaded. Logically speaking, this will happen if we change the query string value. But I want to know how to avoid this.
For example:
My website has URL similar to www.mysite.com/index.php?Id=1&p=orderlist
If I change the value of Id to 2, the respective content will get loaded. This shouldn't happen in my case. So please, if someone knows this, help me.
If that is the case, then pass the variable using sessions rather than GET, and I feel that, if possible, the session id should never be passed through the URL…
Pass id and other variables that should not be changed by URL manipulation through the session…
(There is no harm in passing order_quantity through GET.)
Just so the OP knows, you can pass the session ID, as long as it is encrypted/decrypted. Then, you can avoid the data changing because of the querystring. Have a look into that. However, in your case, you could go with the above solution.
Why should that not happen? If you are not wanting anything to happen then maybe you should replace the site with a bunch of static HTML files. Now we could use session cookies, but what about search engines? Never heard of one keeping cookies and sessions. Then the question comes into place: how do we change the page without telling PHP and its sessions the much-needed info provided by the query string? So what exactly are you trying to do?
If this whole thing is some security-related protection, then there is nothing. Any security issues from this come from lazy developers who do not error-check input and output.
Well sir, I think I can understand what you mean when you say these… but my personal intuition and some through observation tells me that
the case with this user is
he is using $_GET even for the parts that need to be password protected, like the profile home page maybe (as when learning, a person first learns $_POST, $_GET… and then slowly moves to $_SESSION and $_COOKIE), so maybe slowly he will know that in that case $_SESSION should be used… or the page is security related, as you say.
I might be wrong, but I feel this is the case here…
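
The approach the replies describe, as an added PHP example that is not code from any poster in this thread: the user's identity is read from the server-side session, the `p` value is matched against an allowlist, and an order id taken from the URL is shown only if that order belongs to the logged-in user. The `ORDERS` data, the `PAGES` list, the `order` parameter, the `orderdetail` page and `handle_request()` are hypothetical names, with `$session` and `$query` standing in for `$_SESSION` and `$_GET`.

```php
<?php
// Added example with constructed data: order id => owner and item.
const ORDERS = [
    101 => ['owner' => 1, 'item' => 'keyboard'],
    102 => ['owner' => 2, 'item' => 'monitor'],
];
const PAGES = ['orderlist', 'orderdetail']; // allowed values of ?p= (assumed names)

// $session stands in for $_SESSION and $query for $_GET so this runs from the CLI.
// Returns [HTTP status, body].
function handle_request(array $session, array $query): array
{
    // Identity comes from the server-side session, never from the URL.
    if (!isset($session['user_id'])) {
        return [401, 'login required'];
    }
    $userId = (int) $session['user_id'];

    // The page selector is matched against a fixed allowlist.
    $page = $query['p'] ?? '';
    if (!in_array($page, PAGES, true)) {
        return [404, 'unknown page'];
    }

    if ($page === 'orderlist') {
        // Any Id= in the URL is ignored; the list is scoped to the session user.
        $mine = array_filter(ORDERS, fn($o) => $o['owner'] === $userId);
        return [200, implode(',', array_keys($mine))];
    }

    // orderdetail: the order id may travel in the URL, but it is validated
    // and its owner is compared with the logged-in user before anything is shown.
    $orderId = filter_var($query['order'] ?? null, FILTER_VALIDATE_INT);
    $order = $orderId === false ? null : (ORDERS[$orderId] ?? null);
    if ($order === null || $order['owner'] !== $userId) {
        return [404, 'order not found']; // same answer for "missing" and "not yours"
    }
    return [200, $order['item']];
}

// Constructed requests: user 1 is logged in throughout.
$session = ['user_id' => 1];
foreach ([
    ['Id' => '2', 'p' => 'orderlist'],        // tampered Id has no effect
    ['p' => 'orderdetail', 'order' => '101'], // own order
    ['p' => 'orderdetail', 'order' => '102'], // someone else's order
] as $query) {
    [$status, $body] = handle_request($session, $query);
    echo http_build_query($query), " -> $status $body\n";
}
```

Changing a value in the URL still produces a request, but the response depends on what the session user is allowed to see rather than on the id that was typed in.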