开发者

Securing variables carried in links

问答 作者:

Is there a way to secure variables carried in links in PHP when moving information from one page to another? so that the passport number does not show on the address bar in its original form for security purposes.

<a开发者_Go百科 href=\"edit_employee.php?$employee[passport_number]\">" . $row['first_name'];>

The simple answer to this question is there isn't, by placing a "sensitive" piece of information in the URL you make it public (to anyone who sees that URL when using the site). There are a number of ways to "hide" the data in the URL by encoding it, but they don't really protect the data.

The only option, if you want it in the URL, left is to encrypt the information with a two-way encryption scheme. This is CPU intensive and probably not necessary.

As deceze and Alex Coles suggested, one way to handle this is to assign each employee a random id number unique to them, and then use this number to pull the sensitive information from the database, preventing it from ever being placed in the URL. Given your need for search (per your comment) this solution seems the most appropriate, consider this example:

Employee Name: John Doe

Passport#: 123456789

Employee ID: 2899

When you are writing your search code, simply return a link like this:

<a href=\"edit_employee.php?$employee[employee_id]\">" . $row['first_name'];>

then on the edit_employee.php page simply pull the employee information from the database using the id number.

Hope this helps.

use urlencode()

<?php
$link = 'edit_employee.php?passport_number=' . urlencode($employee[passport_number]);
echo "<a href=\"$link\">test</a>";

-- edit --

if you don't want it to be shown on address bar, use $_COOKIE or $_SESSION

    <?php
    // a.php
    setcookie('number', $employee[passport_number]);
// or $_SESSION['number'] = $employee[passport_number];


    <?php
    //b.php
    echo $_COOKIE['number'];
// or $_SESSION['number']

You could store the employee passport number in a session, but it would be better to use a unique ID for employees, rather than referencing them by passport number.

When getting the variable from URL, you can probably specify the type of variable in the url, for example $passport_number=(int)$_GET['passport_number'];

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9