Splurd, posted June 26, 2006: Right now I put my table and conditions in the querystring, and I know that's really insecure. Is there any way to make it more secure? Is there a way, maybe a function, to encrypt and decrypt it without too much hassle? I'm not looking for really super secure things, just something that doesn't take 5 IQ to abuse, so I don't get stuff like people selecting from the important tables.
aspnetguy, posted June 26, 2006: Read this: http://www.4guysfromrolla.com/webtech/012000-1.shtml
Splurd, posted June 29, 2006: Whilst that seems very secure and nice, I would rather something a lot simpler that won't change my URL to be 5 pages long :) Is there a simpler one? I'm not saying the complex one is bad, I just prefer a simpler one.
justsomeguy, posted June 29, 2006: Why don't you just move the data out of the querystring?
Splurd, posted June 29, 2006: But where would I put it? Also, the query string is convenient because it is in link form. The only other link form would be using a report, but that ends up as a button. I could do it by session or cookies, but I would need some trigger to set the variables in the session / cookies. So if the person clicks on link A, it will know it's looking for table A, and when the person clicks on table B, it will know it's looking for table B, etc.
justsomeguy, posted July 3, 2006: You could probably use numbers instead of names, and have a lookup file. That way they can't pass SQL code directly through the URL. So you would have something like page_id, which would be a number, and have a file that you can include that will map all of the numbers to table names or field names or whatever.

<?php
// Read the untrusted id from the URL as an integer only.
$page_id = (int)($_GET['page_id'] ?? 0);

// Map the number to fixed table/field names; nothing from the URL reaches the SQL.
switch ($page_id) {
    case 1:
        $tablename = "table1";
        $fieldname = "field1";
        break;
    case 2:
        $tablename = "table2";
        $fieldname = "field2";
        break;
    case 3:
        $tablename = "table3";
        $fieldname = "field3";
        break;
    // ...
    default:
        // Unknown id: refuse rather than leave the names unset.
        die("Invalid page_id");
}
?>

Or you could even store those lookups in the database, and look them up with the page_id.
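A runnable version of the lookup approach above, written as an added example for this thread (it is not justsomeguy's code and uses Python with an in-memory SQLite database rather than the ASP/PHP of the thread): the page_id from the URL only ever selects an entry from a fixed map, an id outside the map is refused, and the user-supplied value goes in as a bound parameter. Table names, the sample rows and the "accounts" table are all constructed for the demo.

```python
import sqlite3

# Allowlist: untrusted page_id -> fixed (table, field) pair.
# Identifiers are never taken from the request itself.
PAGE_MAP = {
    1: ("table1", "field1"),
    2: ("table2", "field2"),
    3: ("table3", "field3"),
}


def resolve_page(raw_page_id):
    """Turn a querystring value into an allowlisted (table, field), or None."""
    try:
        page_id = int(raw_page_id)          # "1; DROP TABLE x" fails here
    except (TypeError, ValueError):
        return None
    return PAGE_MAP.get(page_id)            # unknown number -> None


def fetch_rows(conn, raw_page_id, value):
    """Query the table/field chosen by page_id for rows whose field equals value."""
    target = resolve_page(raw_page_id)
    if target is None:
        raise ValueError("unknown page_id")
    table, field = target
    # Only allowlisted identifiers are interpolated; the value is bound, not concatenated.
    sql = f'SELECT id, "{field}" FROM "{table}" WHERE "{field}" = ?'
    return conn.execute(sql, (value,)).fetchall()


def build_demo_db():
    """Constructed sample schema: three lookup tables plus a table not in the map."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE table1 (id INTEGER PRIMARY KEY, field1 TEXT);
        CREATE TABLE table2 (id INTEGER PRIMARY KEY, field2 TEXT);
        CREATE TABLE table3 (id INTEGER PRIMARY KEY, field3 TEXT);
        CREATE TABLE accounts (id INTEGER PRIMARY KEY, secret TEXT);
        INSERT INTO table1 (field1) VALUES ('alpha'), ('beta');
        INSERT INTO accounts (secret) VALUES ('do-not-expose');
    """)
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    print(fetch_rows(db, "1", "alpha"))     # [(1, 'alpha')]
    print(resolve_page("accounts"))         # None: not a number, not in the map
```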