Hmm. I guess it depends on your definition of secure.
Will the user be able to visit that page whether logged in or logged out? If that's the case, it will never "really" be secure because anyone with that link will have the info on the page.
I feel like the better way to do it is to just have the query performed by the logged in user. So when they visit the page, it would just be
Code:
$query = $db=>query("SELECT * FROM tablename WHERE id = ?",arrray($user->data()->id));
Code:
$result = $query->first();
You really only want to pass things through the url that anyone should be welcomed to change.
Take a look at our profile system. The "edit profile" button when you're logged into your account takes your id straight from the fact that you're logged in. The view profile button, puts the urls in the link and if you change it, you'll just see a different profile...and that's ok because it's public information.
If you want an insecure, but better secured (what they would call security through obscurity), way to do it, use the vericode field in the users table. (A vericode is a random 6 digit number from 100000-999999 that's given to a user when they sign up).
So make your link concatenating like
Code:
<a href="http://www.mysite.com/mypage.php?vc=<?=$user->data()->vericode?>">Visit your page</a>
Then at the top of the page do something like
Code:
$vc = Input::get('vc');
Code:
$query = $db=>query("SELECT * FROM users WHERE vericode = ?",arrray($vc));
Code:
$vcode = $query->first();
Code:
$query2 = $db=>query("SELECT * FROM tablename WHERE id = ?",arrray($vcode->id));
Code:
$result = $query2->first();
Just know that if a user changes their password, their vericode will change. If that doesn't work, then you'll probably want to create some sort of other random (and probably longer) to identify each user. But still, if anyone has the link, they will be able to view the info. The only thing that does is makes it harder for people to go into the url bar and "guess."
