cabUK Posted November 20, 2007

I am wondering about the best way to prevent users from going to the next record in a database by using the URL bar.

So if I have this in the URL: www.site/items.php?itemno=2

I want to prevent them from going to the URL and typing in 3 etc.

I am at a bit of a loss on this so any help would be appreciated.

Matpatnik Posted November 20, 2007

You can use a cookie or session to send a valid number and redirect them if it doesn't match, but there is probably a better way of doing it.

justsomeguy Posted November 20, 2007

You can check the referer header, if it's blank then they probably typed the URL in. Keep in mind that's also going to stop people from emailing links to that page to other people or using bookmarks.

cabUK Posted November 20, 2007

> You can check the referer header, if it's blank then they probably typed the URL in. Keep in mind that's also going to stop people from emailing links to that page to other people or using bookmarks.

It's OK for the linking etc. It's for a game so linking and bookmarking is not an issue.

I will take a look at this and see how it goes.

Thanks for the replies.

Guest sven_s Posted November 21, 2007

I would suggest that you pass a random number as a second parameter, which can be created by the PHP function rand(). Then you check for the number in your query (the number has to be stored in your database as well). So you can only view a record if the number matches as well. It's probably much safer that way as you'd have to "guess" the random number if you try to set the parameter in the URL manually.

justsomeguy Posted November 21, 2007

In that case it would be better to store it in the session rather than a database.

cabUK Posted November 21, 2007

Thanks, I will take a look.

The way I have found is to compare the location of the shop to the location the player is in.

But the random number sounds quicker.

Thanks for the help so far guys.

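An added example, not code from any poster in this thread: the session-stored random value suggested above, applied to the items.php?itemno=2 link. The function names, the "t" parameter and the "item_tokens" session key are hypothetical, and random_bytes() is used in place of rand() so the value cannot be predicted.

```php
<?php
// Added example. issue_item_token(), may_view_item(), the "t" parameter and
// the 'item_tokens' key are hypothetical names, not from the thread.

/** Called when the server renders a link to an item the player may open. */
function issue_item_token(array &$session, int $itemNo): string
{
    $token = bin2hex(random_bytes(16));          // CSPRNG output, 32 hex chars
    $session['item_tokens'][$itemNo] = $token;   // kept server-side, per session
    return $token;
}

/** True only if $token is the value issued for this item in this session. */
function may_view_item(array $session, int $itemNo, $token): bool
{
    $expected = $session['item_tokens'][$itemNo] ?? null;
    if (!is_string($expected) || !is_string($token)) {
        return false;                            // nothing issued, or t[]=... sent
    }
    return hash_equals($expected, $token);       // constant-time comparison
}

// Constructed demo: $session stands in for $_SESSION after session_start(),
// and $get for $_GET on the next request.
$session = [];
$link = 'items.php?itemno=2&t=' . issue_item_token($session, 2);
echo $link, "\n";

parse_str(parse_url($link, PHP_URL_QUERY), $get);

// The link exactly as the server issued it.
var_dump(may_view_item($session, (int) $get['itemno'], $get['t']));

// Same token, but itemno edited to 3 in the URL bar.
var_dump(may_view_item($session, 3, $get['t']));

// Token parameter removed from the URL.
var_dump(may_view_item($session, 2, null));
```

The token only shows that the server handed this link to this session; a state check such as comparing the shop's location with the player's location is still what decides whether the item should be viewable at all.
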
Archived
This topic is now archived and is closed to further replies.