Linking from one PHP page to another with parameters

Marzio · June 28, 2023, 9:22pm

Linking from one PHP page to another with parameters is one thing that is often presented when building a site. -> www.site.com/page.php?xx=000ffff
But a question arises, which is not so obvious
Often, for safety problems it is necessary to hide the parameters
But with Wappler what is the best method to ensure maximum security?

Cheese · June 28, 2023, 9:27pm

Never ever use an obvious parameter like ID! Use a complex UUID or even two or three. Put everything in a Conditional Region with secured pages using the Security Provider on the ‘details’ page. Have tight user based security on all your queries. And DON’T forget to check Debug is ALWAYS off!

You could use sessions and cookies as well as the above, and in combination. Never such a thing as too little security.

Using parameters is not the issue but its how you implement them that defines the action and consequence of exposing them.

Marzio · June 28, 2023, 9:50pm

Ok
I can create a MyAction action and set a UUID value
But how do I use it on a page to link to another page by passing the data?

Cheese · June 28, 2023, 9:58pm

The UUID’s are stored within the row itself in the database, you then pass these in the URL. We create these upon insertion of new records.

Marzio · June 28, 2023, 10:11pm

So if I understand well for each new record I create a UUID that I can call Myuuid, memorize it in a field of record (link) and then link the site.com/newpage.php?link=myuuid?

Marzio · June 29, 2023, 7:49am

I created UUII and it actually works wonders, as the link has the address of the page followed by uuid=…string uuid…
But it would be even better if the exact path of the page disappeared.
I tried with router but with poor results
I can’t figure out how to setup router with parameters

Teodor · June 29, 2023, 7:52am

Well if you want to filter data using url params, then how do you expect them to not be visible? Whatever id/uuid you use as an URL param will always be visible.

Marzio · June 29, 2023, 8:28am

Using UUID instead of ID certainly makes the connection to the page a little more secure, but if you want to prevent anyone from copying the URL and using it, I think the solution could be Router
But I don’t know if it can be used in this case.
Alternatively you can use a session variable, but I’d rather avoid that in this case

Teodor · June 29, 2023, 8:53am

If you are using routing then you have to send the id/uuid again in the URL. So you will see:

https://site.com/product/123

instead of

https://site.com/product.php?param=123

Marzio · June 29, 2023, 9:05am

But the working link without router is as follows
If I create the routing, do I have to enter this link as a URL?

‘page2.php?uuid=’+sc_list_recordi.data.query[0].uuid

Teodor · June 29, 2023, 9:12am

It’s already explained in the docs:

Hyperbytes · July 1, 2023, 11:28am

This may help