I was wondering if they is a way to change the url so it doesn't show the product id at the end. Because this way someone can change the pid and it might direct them to a different page if that pid is in the database.
<a href="<?php fetchdir($apages) ?>item.php?pid=<?php echo $row['pid']; ?>">View</a>
http://WWW.testexample.x10.mx/item/item.php?pid=2
You can do any of this:
1) do post on href click and then access pid from $_POST on server side
2) do base64 or custom encryption for pid value (can be coupled with 1))
3) handle manual pid change on the business side so it is not a problem for you, just let them do it if they want.
I would go for option 2) but here an example of option 1)
<html><body id="body"><script> function postData(val) {
var frm = document.createElement("form")
frm.action="/data.php";
frm.method="post";
var input=document.createElement("input")
input.name="pid";
input.value = val;
input.type = "hidden";
frm.appendChild(input);
var body= document.getElementById("body");
body.appendChild(frm);
frm.submit();
} </script><a href="javascript:void(0)" onclick="postData(<?php echo $pid; ?>)">View</a></body></html>
this is example for option 2 using base64 encoding:
<a href="<?php fetchdir($apages) ?>item.php?pid=<?php echo base64_encode($row['pid']); ?>">View</a>
and then in item.php:
$pid=base64_decode($_GET['pid']);