I am trying to build a web application in PHP.
But I dont want to use the GET & POST methods, as user shall know what and how are we sending the data, just by looking at the html end. Of course we can always sanitize the data, but still, I want to keep the format of data to myself.
Is there an alternative to the above...
can something be done with the url, so that the type and format of data is not revealed. I saw something in this regard that related to mod rewrite.
Please suggest and tell me if I am on the right track.
You are not on the right track.
You cannot really hide the way data is sent, because the browser has to know somehow, and if it knows, the possible intruder will know. Use GET and POST as you normally would, filter and sanitize user data. That's the best you can do.
You can even change the URL, but the browser will still have it, so will the possible intruder.
If you are going for something more secure, HTTPS seems to be a good option for you.
Contrary to what other people are putting here, you can in some respects do what you like, although it wont accomplish your goal:
PUT / SEARCH / DELETE are all concepts of a RESTful interface
If you wanted to be inventive ... create a new one called HIDEFROMUSER
and configure your webserver and PHP script to accept this in the headers. Note, most, if not all browsers wont support this, but a jquery ajax call should...
header('Allow: GET, HEAD, POST, DELETE, HIDEFROMUSER', true, 405);
$accept = $_SERVER['HTTP_ACCEPT'];
// does $accept equal one of your allowed methods?
Finally $yourHiddenWayOfDoingThings = fopen('php://input', 'r');
People will still see what you're doing if it works and you wont have achieved your expectations...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With