Ok, I should know how to do this, but I simply want to pass a parameter like this:

<a href='nextpage.php?someval=$someval'>Click here</a>

The only thing is, I don't want the parameter value to display in the URL because it might be sensitive information.

How do I do this (without using a form and hidden fields - since I do not want a submit button on the page).

Thanks for any help!

My first thought is to use some form of encryption/decryption technique. Encrypt it in when you write out the URL, and decrypt it on the page that reads that parameter....

Does PHP provide some function which will do that? Or do I need to make one up?

I haven't done much encryption/decription in PHP, but I did a quick search through the PHP manual at php.net and came across this:

http://us3.php.net/manual/en/functio...pt-generic.php

And:

http://us3.php.net/manual/en/functio...pt-generic.php

Along with a number of other methods, including some from the OpenSSL library.

You may have to base64 encode the encrypted results in order for it to be useful as part of a URL. There are also functions for this shown here:

http://us3.php.net/manual/en/function.base64-encode.php
http://us3.php.net/manual/en/function.base64-decode.php

Ok I'll give it a try and let you know how it goes.

Thanks!

Well, what kind of info is this? Is it something that is set once and never changed, like an ID/username/password? I would say try using sessions. They don't show up in the url and and are really easy to learn.

I guess you could use sessions on links also, but I'm not sure how you would reset the variables each time.

Yes, that's exactly the kind of info it is. What do you mean by using "sessions"? I guess I'll type that into the search on php.net and see what I find.

All I want to do is really simple though (since this is only for an assignment):

If a user logs in with a username and password to a certain part of a site, for every page in that section of the site I would just check the username and password and verify them by checking the appropriate table.
But if I pass those variables via the href, then anyone walking by could see someone's username and password.

Here's a quick Session tutorial then.. **INCLUDING CODE**

I'm leaving out the stuff about checking login against password. This is just a general TUTORIAL.
The easiest way to explain sessions are they are like cookies. It lets you store variables that follow you from page to page. So if you set up a variable named "Username" on one page using a session you can access that same variable from another page with out having to pass the variable via the URL.

They're actually pretty simple. First you HAVE to start the session. This needs to be done on any page that needs to be able to read the session data.
now you need to register your variables for the session. You only do this once. Do it before you put any data in those variables.
Next you'll add whatever data you want to that variable just like you would any other
now you can access $variable_name_here from any page that has session_start(); on it.

**NOTES**
session_start(); needs to be the first thing on each page (besides the <?php)

If you have any questions feel free to IM me on AIM at outtasns I'll be happy to help.

Hey, that's a lot of help! I'm going to try it right now... I'll get back to you.
Thanks a bunch!

On the PHP site there is an example which initializes the variable and then registers it.
It also says the session_register() is deprecated???

Yeah, it sounds like sessions are probably what you want, and I should have probably thought of them too, since they are what I use for the login for my own site.

I was thinking you just had some information you wanted to pass to another page, and didn't want to use a form to do that. One advantage to my encryption idea is that you would be able to bookmark URLs that pass that information. However, for a login setup, that could also be a disadvantage, because if someone had the exact URL they could view pages as a logged in user without "officially" logging in.

My thoughts exactly... however I probably wasn't too clear about it earlier. Sorry about that...

okay, well you're right on those. I haven't followed recently. The reason I said to register first is just because I find it easier to read But you're right you can do it either way.

Here the changes after looking at the doc. instead of having
You will just simply use
Sorry for the missrep :-)

**EDIT**
Forgot to add to call the variable you'll use $_SESSION["variable_name_here"] instead of $variable_name_here

Well, all I can say is that it works like a charm!

Thanks so much for all the help!

Khabi I must say you are a lifesaver! I thought I was going to have to go back and change a ton of code - but all I've had to do is add 4 lines of code (the same each time) to each page I want secure!

Thanks a bunch and Happy New Year!!