Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
How do I encode a URL or hide confidential information from being displayed in the browser?
For example, I have the following link:
<a href="path/profileId/<?php echo $this->data['profile_id'];?>Edit</a>
I don’t want profileId to be displayed in the browser.
Is there any function or method in Zend or PHP to accomplish this task? I am newbie in Zend so I have no idea if there is even a template which provide such functionality.
I suppose you will need the ID in some form or another on the
/path/profileId/page, otherwise you won’t know which profile to display, right? If that’s the case, it’s impossible to completely hide it.You could use a POST request instead of a GET request so the ID won’t show up in the URL, but it’ll still be visible in the HTML and the request body if you know where to look.
The real question is, why is a
profile_idconfidential to begin with? If somebody is able to do something bad just by knowing an identifier, your system has a huge problem.You could of cause encrypt the information before sending it and decrypt it on the receiving end, but that seems pretty nonsensical. The typical way would be to simply pass tokens that are by themselves worthless, but allow you to resolve the real data on the backend. The prime example of this is a Session, another is passing the ID of a record and retrieving the related record, including confidential information, from the database.