?
Solved

[PHP] $_GET data clear

Posted on 2011-09-19
3
Medium Priority
?
429 Views
Last Modified: 2013-12-13
I am creating a form that will work as a search form for a database, and I wanted to use get as the method for getting the information so that they could bookmark the searches.  The problem is that some of the residual data is left over from search to search.  

I can reset the headers on the page to only show the data that I want, but I was wondering if that was the most secure/best way to do this or if there is something else that people do to remove the extra data from the URL.

Thanks so much!
0
Comment
Question by:prileyosborne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 13

Accepted Solution

by:
Hugh McCurdy earned 1000 total points
ID: 36564252
Against whom are you trying to secure information?  What type of information are you trying to secure?  Are you adding information you want to keep secret to the URL?  (That's the only thing that makes sense to me so far because the user knows his own search.)

If you are adding information to the URL that should be secret, I suggest you store the secret information in a session variable ($_SESSION).  This sets a cookie that expires when either your software expires it or when the browser closes (whichever comes first).  Banks use session variables.  Nothing is 100% secure but they are pretty good if you are careful.

See http://www.w3schools.com/php/php_sessions.asp
0
 
LVL 14

Expert Comment

by:Scott Madeira
ID: 36564316
Just because they are sending you data that doesn't mean you need to process it.  You can always ignore the extra data that is coming in the request.
0
 

Author Closing Comment

by:prileyosborne
ID: 36568153
Oh, great link on Sessions.  So I can just unset the session every time I change the search. That works perfectly!  Thanks!
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question