使用POST方法隐藏URL参数 [英] Using POST method to hide URL parameters
问题描述
我了解我可以使用POST方法的URL参数根据特定变量显示数据,我知道如何利用GET方法-但有人告诉我可以使用POST方法来隐藏像这样的网址部分.
I understand that I am able to use the POST method for URL parameters to display data according to a specific variable, I know how to make use of the GET method - but I am told that the POST method can be used to hide the part of the URL that is like this.
/data.php?parameter=1234
两种方法在URL参数方面的实际区别是什么?
What is the actual difference of the two methods in terms of URL parameters?
下面是一些代码,可根据特定链接的ID从数据库中获取数据
Below is some code that fetches data from a database according to the id of a specific link
<?php
//This includes the variables, adjusted within the 'config.php file' and the functions from the 'functions.php' - the config variables are adjusted prior to anything else.
require('configs/config.php');
require('configs/functions.php');
//This is the actual interaction with the database, according to the id.
$query = mysql_query("SELECT * FROM table WHERE id=" .$_GET['id'] . ";") or die("An error has occurred");
//This re-directs to an error page the user preventing them from viewing the page if there are no rows with data equal to the query.
if( mysql_num_rows($query) < 1 )
{
header('Location: 404.php');
exit;
}
//Here each cell in the database is fetched and assigned a variable.
while($row = mysql_fetch_array($query))
{
$id = $row['id'];
$title = $row['title'];
$month = $row['month'];
$day = $row['day'];
$photo = $row['photo'];
$text = $row['text'];
}
?>
在另一个页面上,我根据ID生成到data.php文件的链接,如下所示:
On a separate page I generate links to the data.php file according to the ID like so:
<a href="post.php?id=<?php echo $content['id']; ?>"><?php echo $content['title']; ?></a>
忘记了上面的代码可能会发生潜在的SQL注入,我将如何使用POST方法来隐藏URL参数,或者至少不像这样显示它们:
Forgetting that there are potential SQL injections that can occur through the above code, how would I go about making use of the POST method in order to hide the URL parameters, or at least not display them like this:
http://example.com/data.php?id=1
推荐答案
要使用POST,您将需要使用<form>
标记,并且根据您提取这些URL的方式,可能更容易使用javascript来提供帮助.这是一个基本示例:
In order to use POST, you will need to use a <form>
tag, and depending on how you are pulling up these URLs, it could be easier to use javascript to help out. Here's a basic example:
<form method="post" action="data.php">
<input type="hidden" name="parameter" value="1234" />
<input type="submit" value="Go" />
</form>
执行"按钮将发布表单数据,现在,在data.php中,您将能够从$_POST['parameter']
中检索值.请注意,在使用POST时,您可能需要重定向(HTTP 302)回到页面,以便当用户单击后退"按钮时,浏览器不会提示您重新提交表单.
The Go button would POST the form data, and now in data.php you will be able to retrieve the value from $_POST['parameter']
. Note that when using POST, you will probably want to redirect (HTTP 302) back to a page so that when a user hits the back button, the browser doesn't prompt to resubmit the form.
使用JavaScript,您可以在发布表单之前将parameter
输入设置为其他值.
Using javascript, you could set the parameter
input to a different value before posting the form.
这篇关于使用POST方法隐藏URL参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!