In my system when users add a reservation to the database, a transaction ID will be automatically generated:
$insertID = mysql_insert_id() ;
$transactionID = "RESV2014CAI00". $insertID ;
$insertGoTo = "action.php?trans=" . $transact;
But it is very dangerous to pass the $transactionID via address bar. (GET Method) So I need to send transaction to action.php via the POST method.
How can I pass this data using the POST method?
If you want to pass the $transactionID from one page to another in your website you can also use $_SESSION.
Information in the basic usage can be found here
Another approach would be to hash the id as shown below.
$salt = 'your secret key here';
$hash = sha1(md5($transactionID.$salt));
Now you can pass the hash along with the transaction id on the next page and check it match. If it matches then the id wasn't changed. If not then the id was changed. Something like.
$salt = 'your secret key here';
$hash = sha1(md5($_GET['transectionId'].$salt));
if($hash == $_GET['hash']){
//do something
} else {
//Error, id changed
}