kvarnerexpress 0 Report post Posted June 21, 2005 just wondering if there is a easy safe way to secure some webpages.i have a payment facility on my site which is linked through paypal. when the member has paid they are taken back to my site "thanks your payment has been successful page", once its went to this page the item is no longer listed on my site.now i have found away people can mess with this using the url. this means people can change just a few digits in the url and and mess the listings up on my site.after payment has been made the member is redirected to:-mydomain.com/class/thanks_paypal.php?myprod_id=78&MemberID=11this means i could over ride the id (78) with another id (80) (90) etc etc, this would then mean these items would show as sold and come off my site.is there away to either hide my url: so it only shows the following mydomain.com/class/or is there another way to make it more secure,thankskvarnerexpress Share this post Link to post Share on other sites
rvalkass 5 Report post Posted June 22, 2005 Change the action of the form from GET to POST and then use $_POST['variable'] rather than $_GET. This will hide the information being sent and it can't be changed by the user. Share this post Link to post Share on other sites
beeseven 0 Report post Posted June 24, 2005 Post forms would be better, as previously stated. You could also use hidden inputs if you have to take it through several pages: <input type="hidden" name="prod_id" value="###" /> If you also want secure as in payment and such, then you have to buy a certificate. Share this post Link to post Share on other sites