making variables passed via url more secure

harman

HI
I am looking for some useful tips on making the vars sent via url ( mypage.php?var1=1&var2=somevalue ) more secure, as in hide them or encrypt them. I dont have the mycrypt lib so something that doesnt use that...

marian

just hide them in a form.

harman

Cant use a form here

Weedpacket

You wouldn't be able to use mcrypt anyway - this sounds like something the client would do.

What exactly is this data you're trying to hide (related: why can't you use a form)? Is it something being sent from the server to the client for the client to send back to the server? In that case have a look at PHP's [man]session[/man] functions.

Is it something that the client is getting from the user to send to the server? There may be a Javascript solution, involving having Javascript set cookies with the data; but your description of the problem is too vague and I'm not a Javascript guru, so I don't know if that's going to work.

harman

There are several links that pass the member id to a page, I cant use a form cos they are already inside a form that does something else on a diff page.

while($row = mysql_fetch_object($res){
    $tblStr .= '....';
    $tblStr .= '<a href="somepage.php?mem_id='.$row->mem_id.'">'.$row->mem_name.'</a>';
    $tblStr .= '....';

Weedpacket

So then using sessions sounds reasonable.

harman

link1 (sends mem_id=1 to mypage.php)
link2 (sends mem_id=2 to mypage.php)
link3 (sends mem_id=3 to mypage.php)

say the user clicks link2 how would you set SESSION before going to mypage.php

move3rd

Have a look at [man]session-start[/man].