you can transfer the session-id (which is unique) through the url too. but then its only the session-id and not the actual data and the session-id can't be guessed that simple to reach another user's data.
Thomas On Sat, 21 Jun 2003 15:31:56 +0100 [EMAIL PROTECTED] (George Pitcher) wrote: > Jay, > > I've never ventured into 'sessions' (not ones without drinks) but I've a > feeling that if the user has turned cookies off then sessions are out as > well as they require a cookie being stored on the user's machine. > > Someone will surely correct me if I am wrong. > > I went to the PHP conference in Frankfurt about 18 months ago and Rasmus was > talking about 'clean' URLs (ithout the 'query' string. I never did find out > how though? > > Cheers > > George > > > -----Original Message----- > > From: Jay Fitzgerald [mailto:[EMAIL PROTECTED] > > Sent: 21 June 2003 3:19 pm > > To: George Pitcher; nabil; [EMAIL PROTECTED] > > Subject: RE: [PHP] Re: Passing Variables > > > > > > That was my thought too, George. But if the user does not have cookies > > enabled, then I believe, as Thomas pointed out, that a SESSION is > > the only > > way to handle the variables. I have never done a "correct" > > session so I am > > trying to learn how to do them without having a userid and password for > > each user. I have played with sessions but I don't know if I am > > doing them > > correctly or how to do sessions without authentication. > > > > Jay > > > > > > > > At 03:14 PM 6/21/2003 +0100, George Pitcher wrote: > > >Nabil, > > > > > >That is one way but it means that Jay would have to use a form and not a > > >link. > > > > > >You could set a cookie. That would work, but it relies on the > > user allowing > > >cookies. > > > > > >George > > > > > > > -----Original Message----- > > > > From: nabil [mailto:[EMAIL PROTECTED] > > > > Sent: 21 June 2003 2:58 pm > > > > To: [EMAIL PROTECTED] > > > > Subject: [PHP] Re: Passing Variables > > > > > > > > > > > > use hidden field (pure html) and then u have it as > > $yourhiddenfield on the > > > > next page even u have the register global off.. > > > > > > > > Nabil > > > > > > > > > > > > "Jay Fitzgerald" <[EMAIL PROTECTED]> wrote in message > > > > news:[EMAIL PROTECTED] > > > > > I have been searching for an answer to this for a couple of > > > > hours now and > > > > > cant find anything. I believe that there is a secure way of > > > > doing this but > > > > > I think my brain is having a momentary lapse... > > > > > > > > > > I have these variables: > > > > > > > > > > $eventid = "1"; > > > > > $age = "15"; > > > > > > > > > > Is there a way to pass these variables to the next page so I > > > > can continue > > > > > using them without doing something like this: > > > > > > > > > > <A HREF="test.php?eventid=1&age=15"> > > > > > > > > > > I would rather not have the variables be seen or known to the > > > > end user for > > > > > security reasons because they could change them in the URL. I > > > > know it has > > > > > something to do with $_GET and $_POST because I do have > > register_globals > > > > > set to OFF in my php file and I do not want to turn them on.... > > > > > > > > > > TIA > > > > > > > > > > > > > > > > > > > > > -- > > > > PHP General Mailing List (http://www.php.net/) > > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > > > > > > >-- > > >PHP General Mailing List (http://www.php.net/) > > >To unsubscribe, visit: http://www.php.net/unsub.php > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php