使用POST方法隐藏URL参数 [英] Using POST method to hide URL parameters

问题描述

我了解我可以使用POST方法的URL参数根据特定变量显示数据，我知道如何利用GET方法-但有人告诉我可以使用POST方法来隐藏像这样的网址部分.

I understand that I am able to use the POST method for URL parameters to display data according to a specific variable, I know how to make use of the GET method - but I am told that the POST method can be used to hide the part of the URL that is like this.

/data.php?parameter=1234

两种方法在URL参数方面的实际区别是什么?

What is the actual difference of the two methods in terms of URL parameters?

下面是一些代码，可根据特定链接的ID从数据库中获取数据

Below is some code that fetches data from a database according to the id of a specific link

    <?php
//This includes the variables, adjusted within the 'config.php file' and the functions from the 'functions.php' - the config variables are adjusted prior to anything else.
require('configs/config.php');
require('configs/functions.php');

    //This is the actual interaction with the database, according to the id.
    $query = mysql_query("SELECT * FROM table WHERE id=" .$_GET['id'] . ";") or die("An error has occurred");

            //This re-directs to an error page the user preventing them from viewing the page if there are no rows with data equal to the query.
    if( mysql_num_rows($query) < 1 )
{
  header('Location: 404.php');
  exit;
}

    //Here each cell in the database is fetched and assigned a variable.
    while($row = mysql_fetch_array($query))
    {
        $id = $row['id'];
        $title = $row['title'];
        $month = $row['month'];
        $day = $row['day'];
        $photo = $row['photo'];
        $text = $row['text'];    
    }
?>

在另一个页面上，我根据ID生成到data.php文件的链接，如下所示:

On a separate page I generate links to the data.php file according to the ID like so:

<a href="post.php?id=<?php echo $content['id']; ?>"><?php echo $content['title']; ?></a>

忘记了上面的代码可能会发生潜在的SQL注入，我将如何使用POST方法来隐藏URL参数，或者至少不像这样显示它们:

Forgetting that there are potential SQL injections that can occur through the above code, how would I go about making use of the POST method in order to hide the URL parameters, or at least not display them like this:

http://example.com/data.php?id=1

推荐答案

要使用POST，您将需要使用<form>标记，并且根据您提取这些URL的方式，可能更容易使用javascript来提供帮助.这是一个基本示例:

In order to use POST, you will need to use a <form> tag, and depending on how you are pulling up these URLs, it could be easier to use javascript to help out. Here's a basic example:

<form method="post" action="data.php">
    <input type="hidden" name="parameter" value="1234" />
    <input type="submit" value="Go" />
</form>

执行"按钮将发布表单数据，现在，在data.php中，您将能够从$_POST['parameter']中检索值.请注意，在使用POST时，您可能需要重定向(HTTP 302)回到页面，以便当用户单击后退"按钮时，浏览器不会提示您重新提交表单.

The Go button would POST the form data, and now in data.php you will be able to retrieve the value from $_POST['parameter']. Note that when using POST, you will probably want to redirect (HTTP 302) back to a page so that when a user hits the back button, the browser doesn't prompt to resubmit the form.

使用JavaScript，您可以在发布表单之前将parameter输入设置为其他值.

Using javascript, you could set the parameter input to a different value before posting the form.

这篇关于使用POST方法隐藏URL参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！