Originally posted by OwenTheSamoan
I have a message system using PHP with MySQL where the members can send messages to each other. The only problem is when a message is read or sent the code is seen in the address bar like this-- http://mysite.com/sentmail.php?mail_id=641894
Is there any way of hiding the code in the address bar of the browser? It seems some of the members have been changing the mail_id number and reading other members' mail.
Thanks,
OwenTheSamoan
2 things to fix this:
1) Have your page that displays the "mail" check the referring page; if it's not the correct page, error and log the user's information.
2) Use the POST method, and change all instances of $_GET to $_POST.
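
An added example, not part of the thread or of the poster's site: a server-side ownership check for the message page, so that a changed mail_id returns nothing whether the id arrives by GET or POST. The table and column names (`mail`, `sender_id`, `recipient_id`), the function name, and the in-memory SQLite database standing in for MySQL are assumptions, and the rows are constructed sample data.

```php
<?php
// Added example. Assumed schema: mail(mail_id, sender_id, recipient_id, subject, body).
declare(strict_types=1);

function fetch_mail_for_member(PDO $db, int $memberId, $rawMailId): ?array
{
    // Accept only a positive integer id; anything else is treated as "not found".
    $mailId = filter_var($rawMailId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($mailId === false) {
        return null;
    }
    // The ownership condition is part of the query: a row comes back only
    // if the logged-in member sent or received this message.
    $stmt = $db->prepare(
        'SELECT mail_id, subject, body FROM mail
          WHERE mail_id = :mail_id
            AND (sender_id = :me_sender OR recipient_id = :me_recipient)'
    );
    $stmt->execute([
        ':mail_id'      => $mailId,
        ':me_sender'    => $memberId,
        ':me_recipient' => $memberId,
    ]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data; SQLite in memory stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mail (mail_id INTEGER PRIMARY KEY, sender_id INTEGER,
                              recipient_id INTEGER, subject TEXT, body TEXT)');
$db->exec("INSERT INTO mail VALUES (641894, 7, 12, 'Hello', 'Private note')");
$db->exec("INSERT INTO mail VALUES (641895, 3, 4, 'Other', 'Not yours')");

// In the real page the member id comes from the server-side session
// (for example $_SESSION['member_id']), never from the request.
$loggedInMember = 7;
foreach (['641894', '641895', 'abc', null] as $requested) {
    $mail = fetch_mail_for_member($db, $loggedInMember, $requested);
    if ($mail === null) {
        // Same answer for "does not exist" and "belongs to someone else".
        // A real page would also log the member id and the requested id here.
        echo var_export($requested, true), " => 404 Not Found\n";
    } else {
        echo var_export($requested, true), " => ", $mail['subject'], "\n";
    }
}
```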