Alternative to $_get

[kzn]

Hi

I am seeking an alternative to $_get. The below code works by using the $_get, what I want to do is have the while loop run. Then when the user clicks on a story have a session set. As I have said the below code works ... but I would like to set the session and not use the get(this is stop people messing around). I hope my question makes sense. Thanks in advance.



$query = "select id, new_edition from stories order by creation_date";
$result = mysql_query($query);

// display all the urls
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {


$id = $row['id'];
echo '<a href="archives.php?id='.$id.'">'.$row['new_edition']."</a><br/ >";
}


On the second page

if($_GET['id']) {

$_SESSION['edition'] = $_GET['id'];

echo $_SESSION['edition'];
}

 

[vacunita]

Why don't you set the Session on the originating page?

You could use a form, and submit the Id to the other page instead of using a link. That way the Id doesn't not show up in the url, but can be accessed from $_POST instead of $_GET.



----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[jpadie]

the only two methods of transferring data from the client to the server are GET and POST (disregarding ftp, put etc).

you can change your links to submit post data if you want (it would require javascript). or replace your links with forms having the id as a hidden field.

but i certainly have not properly understood your base aim. so we may be able to provide better targeted advice if you rephrased your query.

and please ALWAYS post code within [ignore]

 ...

[/ignore] tags.

 

[jet042]

Another way to pass data, though indirectly, is to set a cookie one one page and then read it on the next. This won't keep people from messing with the data submitted, but there really isn't a way to do that. Even POST data can be modified by the end user if they have the right tools and a little bit of knowledge (or Google-fu).

 

[kzn]

Thanks very much for the replies. I had thought of using a form .... but instead I wanted to look at having a link, that once clicked on started a session with that particular id. Maybe there is away of using javascript and php to achieve this. Thanks again for the replies ... I will keep working on it and will post back if I find a way, any other suggestions appreciated.

Thanks

 

[jaxtell]

Regardless, it won't stop people from "messing around". It is possible (and only slightly more difficult) to change a POST value sent to the server. If that is your only intention, I'd suggest associating a random value with each id, then use that random value to do the lookups.

-----------------------------------------
I cannot be bought. Find leasing information at

http://www.joshaxtell.com/

 

[Kozusnik]

Although there's no real way around $_GET and $_POST from PHP, if I want to set the $_SESSION variables, I'll post to a secondary page, set the session variables and redirect from there. It's hardly noticeable from the client.

ex.
page1.php posts to page2.php
page2.php sets $_SESSION['some_variable'] from the $_POST and redirects back to page1.php
page1.php looks to see if the session variable is filled in and uses it.

Or, you could get comfortable with the AJAX framework.

Mark