Securely passing values

[Splurd]

Right now, I currently put my table and conditions in the querystring and I know thats really unsecure.Is there anyway to make it more secure? So is there a way, to maybe function to encript and decript it, with out too much hassle? I'm not looking for reallllly super secure things, just want something that doesnt take 5 iq to abuse, so I dont get stuff like people selecting from the important tables

[aspnetguy]

read thishttp://www.4guysfromrolla.com/webtech/012000-1.shtml

[Splurd]

whilst that seems very secure and nice, I would rather something alot more simplier and wont change my url to be 5 pages long :)Is there a simplier one? I'm not saying the complex one is bad, I just prefer a simplier one

[justsomeguy]

Why don't you just move the data out of the querystring?

[Splurd]

but where would I put it?Also, query sting is convient due to it being in a link form. The only other link form would be using a report, but that ends up as a button.I could do it by session or cookies, but I would need some tirgger to set the varibles in the session / cookies. So if the person clicks on link A, it will know its looking for table A, and when the person clickso n table B, it will know its looking for table B etc.

[justsomeguy]

You could probably use numbers instead of names, and have a lookup file. That way they can't pass SQL code directly through the URL. So you would have something like page_id, which would be a number, and have a file that you can include that will map all of the numbers to table names or field names or whatever.

<%switch(page_id){  case 1:    $tablename = "table1";    $fieldname = "field1";    break;  case 2:    $tablename = "table2";    $fieldname = "field2";    break;  case 3:    $tablename = "table3";    $fieldname = "field3";    break;  ...}%>

Or you could even store those lookups in the database, and look them up with the page_id.