How to post data when link is selected?


I am setting up a PHP website for customers that allows them to view information about their account. The site is secure and users must log-on to view their details.  Certain pages are restricted based on a user's type.  Many of the details contained within this site are financially sensitive therefore security is paramount. I currently have a script that dynamically generates a table, listing all the customers associated with a particular company. The customer name is a hyperlink, that when clicked, opens a new page displaying extended details about the chosen customer. As it stands I am sending the customer ID and portfolio No via the URL and retrieving it using $_GET[] therefore the details are in plain site for all to see.

My problem is once logged in a user could potentially manually change the customer ID in the URL and view anyone's details. I am going to implement a database check but I would also prefer to POST the chosen customer's details, therefore eliminating the risk of manual tampering. Is this possible to do? Are you able to force a POST when a user selects a given link? I am using PHP5 with a MSSQL database.  Any assistance would be most appreciated.

Kind Regards
Who is Participating?
almcc8: with POST, a customer can save a page to their computer locally, change
<form action=....
to your actual URL, and change ID inside the field in HTML, thus effectively submitting other ID as POST variable and still viewing other people's data. So your approach still has a hole in it. The only way to ensure people won't be able to see other people's data, is to cross-check their ID with the ID in the link, thus disallowing them viewing other people data. Even better is to have a link not have any ID, instead PHP script will take ID from their session variables. Thus the link will be same for everyone, yet based on their ID in the session user will only see their own details. If someone goes to that link directly without being authenticated, it will just return them "please login" page.
Using a POST won't solve your problem, since the customer ID will have to be put in a "hidden" field in the form to be submitted by POST. Anyone who knows enough to right click and View Source will have access to that information.

Here is how you do it anyway:

<form name="form1" action="'customerdetails.php');">

  <input type="hidden" name="customerid" value="<?php echo $customerid ?>" />
  <a href="#" onclick="document.form1.submit();"><?php echo $customername ?></a>


IK agree with under_dog

a better solution were to use sessions, so the sensible information is stored on the server. Try to use always sessions for those case.
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

almcc8Author Commented:
Thank-you for the quick response. However I do have another question re: using hidden variables. If I was to use hidden variables as suggested how am I able to determine which customer has been selected? For any given company there could be up to 30 customers listed. I really am not worried about hiding the data so that user cannot read it.  What I am more concerned about is displaying the customer ID in the URL, thus allowing someone to manually change it without consent, then re-loading the page to view someone else's data. I thought if I posted the value, it would eliminate the chance of the value being changed.

Many thanks
Indeed, as GEM100 says, the most important place to do your authentication is on the page where the details are displayed. Check if the logged in user (their ID should be in a session variable from when they logged in) has permission to see the details of the client who's ID they are requesting ... either with POST or GET.
almcc8Author Commented:
Thanks GEM100 & under_dog,

 I already employ the use of session variables to store the user's details at login and check this each script.  However the ID I am retrieving from the form is not the company's individual id, but rather a customer whom is associated with them. The customers are pulled from a database and rendered dynamically in a table so there is no way of knowing what values will be displayed. The user then selects the customer they wish to view extended information for. Somehow I have to transmit this data to the next script.  I just thought a link seemed the most intuitive option for the user.

I will most definitely take you advice and include a database cross check. I suppose I have just read one too many posts re: application security most of which recommend to transmit as little information as possible in the URL! Thanks again for your assistance. This was my first post and I really appreciated the quick responses. The site is a fantastic resource.
Always happy to help. In your scenario, you may leave passing ID as $_GET variable if it is not current user's ID, but then the script should check the ID association with a company and permissions, failing this check should echo a message "permission denied" or something similar.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.