PhpUser

Reputation: 11

Security Reasons PHP

After a successful login, the user will be sent to the page that corresponds to him. So I did that with a header('Location: URL?id=$id').

What can I do so that the ID will be hidden in the URL, so that the user can't change the ID in the URL? For example, I'm logged in as a normal user with my id from the database, 63, so the URL displays page.php?id=63.

Now when the user changes the id to 64, he will see the page of the user with the id 64. For security reasons I want to change that before putting the site online.

How can I hide the id in the URL when sending the user with header('Location:')?

Thank you guys !

Upvotes: 1

Views: 51

Answers (1)

Example person

Reputation: 3346

Instead of storing the id in the URL, you can store it in a session variable.

You can start a session by using the following:

session_start();

And you can assign session variables using:

$id = 123; // id taken from the database
$_SESSION["id"] = $id;

Replace 123 with the database user id variable.

Also add session_start() to pages where you would want to use the $_SESSION variable.

Upvotes: 1
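
The approach from the answer as an added example (not the answer author's code): the login step stores the id in the session and redirects without a query string, and page.php takes the id only from $_SESSION. The USERS array, the ?action=login stand-in for a real credential check, and the function names are assumptions made for illustration.

```php
<?php
// page.php: added example. Constructed data stands in for the database.
declare(strict_types=1);

// Constructed sample rows standing in for the users table.
const USERS = [
    63 => ['name' => 'alice'],
    64 => ['name' => 'bob'],
];

// Call only after the password check has succeeded.
function complete_login(int $userId): void
{
    session_regenerate_id(true);   // fresh session id after login (prevents session fixation)
    $_SESSION['id'] = $userId;     // identity is kept server-side, not in the URL
}

// Returns the logged-in user's id, or null when there is no valid login.
function current_user_id(): ?int
{
    $id = $_SESSION['id'] ?? null;
    return is_int($id) && array_key_exists($id, USERS) ? $id : null;
}

session_start();

if (($_GET['action'] ?? '') === 'login') {
    // Assumption: credentials were verified elsewhere and matched user 63.
    complete_login(63);
    header('Location: page.php');  // redirect carries no ?id=
    exit;
}

$userId = current_user_id();
if ($userId === null) {
    http_response_code(401);
    exit('Please log in.');
}

// $_GET['id'] is never read, so page.php?id=64 still shows the session owner's page.
$user = USERS[$userId];
echo 'Profile of ', htmlspecialchars($user['name'], ENT_QUOTES, 'UTF-8'), "\n";
```

Served with PHP's built-in server, requesting page.php?action=login and then page.php?id=64 still returns the profile for user 63.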
