(10-10-2018, 09:53 PM)eforbes Wrote: I am really concerned about showing url id's to view details for a product that i am setting up. Is there a way in US to hide or make it more secure?
This is what i have:
Code:<a href="product_details.php?transac_id=<?php echo $product['id']?>">Product Name</a>
You could maintain a session table perhaps? Generate a nonce which maps to the product ID, store it in the database or the php session (edit: or both, probably; you want the nonce in $_SESSION or a cookie, and the mapping in a database table). Your link would then be
Code:
<a href="product_details.php?transac_id=<?php echo $nonce?>">Product Name</a>Your product_details.php page can then look up the nonce in the session or db to retrieve the product ID. Just generate hashes or random strings for the nonce, and there'll be no way to reverse engineer or expose the product IDs. Think about likely hash collisions if you're doing it yourself.
I'm at a bit of a loss as to _why_ you'd want to do that, but hey, it's probably doable
