hiding GET

LordRogaine

I am passing variables from one page to another using GET. Is it possible to hide or alter how these variables appear in the address bar so that hackers cannot see what I am doing? Any alternatives other than using POST?

bastien

sessions? cookies? db entry?

bretticus

Well, if you are submitting a form, why not use POST method? If you are not submitting a form, you can store values in the $_SESSION variable. i.e. Form handler:

<?php
session_start();
$_SESSION['SUBMIT'] = $_POST;
?>

Then in subsequent pages, you get the values via:

<?php
session_start();
$value = $_SESSION['SUBMIT']['SomeFormInputName'];
?>

If I understood you correctly the first time, and you really do need to submit via GET and want to obfuscate the GET key/value pairs in the URL, you could use javascript to encrypt/obfuscate your form inputs and rewrite them to hidden field values before submitting.

bretticus

Really though, if you are worried about hackers getting session data, etc from URLs, use SSL and don't link to external URLs on your site.