php - how can change or hide a url validation from url

Question

I use the userid for validation like this:"index.php?ui=XX".

How can I hide the number or change it to another number?

I don't want to users see id number.

Thanks.

Use a [POST request](https://en.wikipedia.org/wiki/POST_(HTTP)). — Phylogenesis, Mar 06 '18 at 11:14

score 0 · Answer 1 · answered Mar 06 '18 at 11:17

0

Depends on why you don't want to show it.

If it's because you don't want the users to guess their sequential numbers then don't use userId in that case and instead generate UUID for each of the users (for example by using uniqid).

If you don't want the user to know their userId at all then, as long as you authenticate the user, you can utilise their login session and fetch the user info for them that way.

answered Mar 06 '18 at 11:17

Kasia Gogolek

3,374
4
33
50

when i want - move users to another users page - use it. – 11111111111111111 Mar 06 '18 at 11:24
I don't understand what you mean by that? If you are trying to show user specific information on another page then you should not be basing it on userId passed in $_GET parameter or any other parameter for that matter. You should implement authentication and validate the user from their SESSION. – Kasia Gogolek Mar 06 '18 at 11:28
You might find this useful https://stackoverflow.com/questions/685855/how-do-i-authenticate-a-user-in-php-mysql – Kasia Gogolek Mar 06 '18 at 11:32
i dont want authentication. just $_GET like facebook whene i click on a users profile i move to users page and url changes. i want hide that – 11111111111111111 Mar 06 '18 at 11:42
you will have to use some sort of user ID anyway as a way to work out which user to load. For this you are better off using username or unique id which is not sequential. I would suggest you look at the first solution I suggested then. – Kasia Gogolek Mar 06 '18 at 11:44

score -1 · Answer 2 · answered Mar 06 '18 at 11:42

-1

Pass the userid by using POST method, not GET. On other way you could learn some stuff about session handling. So you could store the userid in cookies and it will not appear in the url.

If you use Cookies, you can use the parameter on any location until you close the session.

answered Mar 06 '18 at 11:42

Jonas Wrede

1
2

POST doesn't hide userId, user can still access it using developer tools. – Kasia Gogolek Mar 06 '18 at 11:45
Then I suggest to use cookies. – Jonas Wrede Mar 06 '18 at 12:13
Cookies can also be accessed by user without any problem. – Kasia Gogolek Mar 06 '18 at 12:14
Which way are you using to passed sensitive datas? – Jonas Wrede Mar 06 '18 at 12:19
see my answer above – Kasia Gogolek Mar 06 '18 at 12:24

php - how can change or hide a url validation from url

2 Answers2