Mohan Wijesena
Reputation: 235
Secure anchor tag links
Is href='example.php?id="<?= $row['id'] ?>"' safe in the code below?
if not can you tell me why and how to make it secure?
<a class='btn btn-sm' href='example.php?id="<?= $row['id'] ?>"' role='button' data-toggle='modal' data-target='.bs-example-modal-lg'>View</a>
Edit:
Here's why the question above triggered in my head. I'm seeing the database ID just the way it is on the browser bottom on mouse hover!
Upvotes: 0
Views: 480
Answers (2)
Muhammed
Reputation: 1612
No need for quotes, you need to remove them :
<a class='btn btn-sm' href='example.php?id=<?= $row['id'] ?>' role='button' data-toggle='modal' data-target='.bs-example-modal-lg'>View</a>
Better to use PHPs sprintf or something like that for readability:
echo sprintf("<a class='btn btn-sm' href='example.php?id=%d' role='button' data-toggle='modal' data-target='.bs-example-modal-lg'>View</a>",
$row['id']
);
%d - says that it is an integer.
Upvotes: 0
A1Gard
Reputation: 4168
In your code any important bug but I assume the short tag is activated but better is you use full tag here :
<a class='btn btn-sm' href='example.php?id="<?php echo $row['id'] ?>"' role='button' data-toggle='modal' data-target='.bs-example-modal-lg'>View</a>
This is better choose and the must important server side code to load example by id can be vulnerable.
Upvotes: 1
Related Questions
- How to secure Ajax link requests?
- How to use data-saferedirecturl in a tag in PHP?
- Create secure anchor references to database entries
- Mitigate xss attacks when building links
- How do I make a secure link to a page on my website?
- How to make a string safe for an href attribute using PHP?
- Encrypt a query string inside of an anchor tag
- Security rules for links submitted by users in PHP
- Maximum possible security with a fixed link
- Securing variables carried in links