Add variable to session with click on the link.

Question

I have working, but not safe script running. Basically, i have a loop that pulls "id" from db and diplays this code as final.

<a href=next-page.php&lang_id=1&id=145> <img src=thumb1.jpg> </a> <a href=next-page.php&lang_id=1&id=146> <img src=thumb2.jpg> </a> <a href=next-page.php&lang_id=1&id=147> <img src=thumb3.jpg> </a> etc.

When user clicks, he goes to next page and he can see full set of pictures from the event. Thinking the passing variables in sessions might be the safest way to do it, i wish to change my script and remove "id" from the link, but i don't know how to pass add the "id" into session when user clics on the link.

Answer 1

Use forms and $_POST instead. There is no need to pass such variables in session. Despite, you can not really do what you want in pure php/html without form or putting the id in URL in a logical manner.

Honestly though, it's not so bad to pass id in URL, if you have security checks on server side. You should try to use obfuscation of some sort, like a hash or business id (fake ID number, for example created in user context, so every user has his own IDs and they're not unique on their own). In fact it is best to not ever show database IDs to the user on the client side.

Answer 2

I agree with @mareckmareck. Create form and inside that form place radio button sets like following

<form action="next-page.php?lang_id=1" method="post">
  <p><input type="radio" name="option" value="145" /> <img src=thumb1.jpg></p>
  <p><input type="radio" name="option" value="146" /> <img src=thumb2.jpg></p>
  <p><input type="radio" name="option" value="147" /> <img src=thumb3.jpg></p>
</form>

I Hope this helps.