I'd like to remove the customer ID from the URL as a security measure. Currently when I click on a row in a table, the customer page will appear. The URL of the customer page will display the following:
http://localhost/test/view_customer?customer_id=12&operation=edit
The row displaying the customer details uses the following code to link to the customer page:
onclick="window.location='view_customer?customer_id=<?php echo htmlentities ($row['id']) ?>&operation=edit';"
How do I avoid echoing the customer_id, but also have the data available? Would it be possible to do this using $_POST? How would I go about editing my code?
You could:
customer_id along with its value and can keep it in url
customer_id in php session
.htaccess (url can become xyz.com/view_customer/12/edit)
Hope it helps! :)
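The session option mentioned in the answer above, as an added example that is not part of the original answer: the list page emits a random per-session handle instead of the database id, and the customer page maps it back. The function names, the `customer_handles` session key and the `c` request parameter are assumptions.

```php
<?php
// Added example, not from the answer. Function names and the
// 'customer_handles' session key are assumptions.

/** List page: return an opaque handle for a row, reusing one if already issued. */
function handle_for_customer(array &$session, int $customerId): string
{
    $issued = $session['customer_handles'] ?? [];
    $existing = array_search($customerId, $issued, true);
    if ($existing !== false) {
        return (string) $existing;
    }
    $handle = bin2hex(random_bytes(16)); // 128 random bits, hex encoded
    $session['customer_handles'][$handle] = $customerId;
    return $handle;
}

/** Customer page: map a request value back to an id, or null if not issued here. */
function customer_for_handle(array $session, $handle): ?int
{
    // Reject arrays, raw ids and anything that is not a 32-char hex handle.
    if (!is_string($handle) || !preg_match('/\A[0-9a-f]{32}\z/', $handle)) {
        return null;
    }
    return $session['customer_handles'][$handle] ?? null;
}

// In the application, call session_start() and pass $_SESSION:
//   list page:     $h  = handle_for_customer($_SESSION, (int) $row['id']);
//   customer page: $id = customer_for_handle($_SESSION, $_GET['c'] ?? null);
//                  if ($id === null) { http_response_code(404); exit; }

if (PHP_SAPI === 'cli') {
    $session = []; // constructed stand-in for $_SESSION
    $h = handle_for_customer($session, 12);
    var_dump($h === handle_for_customer($session, 12)); // same row, same handle
    var_dump(customer_for_handle($session, $h));        // handle issued to this session
    var_dump(customer_for_handle($session, '12'));      // raw database id
    var_dump(customer_for_handle([], $h));              // handle used in another session
}
```

A handle resolves only in the session whose list page issued it, so editing the value in the URL cannot reach a row that was never listed for that user.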
You could put a dummy form in your HTML:
<form id="editform" method="POST" action="view_customer.php" style="display:none">
<input id="customer_id" name="customer_id" type="hidden" />
<input id="operation" name="operation" type="hidden" value="edit" />
</form>
Add a script to post the form:
<script type="text/javascript">
function edit(customer_id) {
var cid = document.getElementById('customer_id');
cid.value = customer_id;
var f = document.getElementById('editform');
f.submit();
}
</script>
And then change your on-click code to
onclick="edit(<?php echo htmlentities ($row['id']) ?>)"
This will post the values to view_customer.php and in that code you can simply change $_GET to $_POST.