On my php/mysql web site, I pass URL parameters between pages to be used in database searches. I need to hide one of these parameters.
The reason is:
A user navigates to a page and views information based on the URL parameter that was passed. Now, he can simply type in another value into the address bar (replacing one of the parameters), click the Go button on the browser and have access to an unauthorized record.
I say I need to hide the URL parameter, but am also open for suggestions.
I prefer to use the GET method over POST so users can navigate with the browser back button.
Thanks
Kevin Stillwell
GP Racing, LLC