How to submit options or values in correct way

buzz

Hi out there!

I'm coding in php for about half a year but i didn't know how to submit options or values back to my php page in a correct and fine way. There are a lot of meanings out there in net talking about hidden forms, globals or db-driven ways. I have to tell my page for example what kind of sorting order the user wants to use, what he wants to do (updating an entry or just listing all entrys in db). At the moment i do that by adding an option string to the url like "showentrys.php?option=list&sortby=date_desc". So what is the correct way to use?

Any suggestions?

Greetz,

buzz

bastien

but ensure values are checked to disallow any unauthorized db activity like an sql injection attack, especially dynamic variables

hth

buzz

Hey Bastien!

Thanx for your answer. But is this, as i described in the posting before, a really fine way to do that? Is this the way everybody does it?

I hope i did everything secure and checked every possible hole but i think if you don't take any value submitted by a user to be directly inserted into a sql query or to be a direct redirect, not really much can go wrong?! I everytime take the values submitted by a user into a special script, parse the input and decide what to do so i think it should be secure.

Am i right?

bastien

the only thing you MAY need to worry about is the length of the elements passings through the URL...its limit is about 2000 characters....

otherwise its fine....

basically you don't want any sensitive info to be shown in the URL like Ids passwords, etc...

hth

buzz

Why? I allways post the username and passwords in the url section of a browser so a user can remember and better write down :-) Just kiddin :-)

Allright, thanx for your help!