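I know that I can use the POST method with URL parameters to display data according to a particular variable, and I know how to use the GET method - but I am told that the POST method can be used to hide the part of the URL that looks like this.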
/data.php?parameter=1234
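What is the actual difference between these two methods as far as URL parameters are concerned?
Below is some code that fetches data from a database according to the id of a specific link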
<?php
// Load the variables set in 'configs/config.php' and the functions from
// 'configs/functions.php'; the config variables are set before anything else runs.
require('configs/config.php');
require('configs/functions.php');

// This is the actual interaction with the database, according to the id.
// $_GET['id'] is concatenated into the SQL string unescaped.
$query = mysql_query("SELECT * FROM table WHERE id=" . $_GET['id'] . ";") or die("An error has occurred");

// Redirect the user to an error page, preventing them from viewing this page,
// if no rows match the query.
if (mysql_num_rows($query) < 1)
{
    header('Location: 404.php');
    exit;
}

// Here each cell in the database is fetched and assigned to a variable.
while ($row = mysql_fetch_array($query))
{
    $id = $row['id'];
    $title = $row['title'];
    $month = $row['month'];
    $day = $row['day'];
    $photo = $row['photo'];
    $text = $row['text'];
}
?>
On a separate page, I generate links to the data.php file according to the ID, like this:
<a href="post.php?id=<?php echo $content['id']; ?>"><?php echo $content['title']; ?></a>
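Forgetting the potential SQL injection that can occur with the code above, how would I go about using the POST method to hide the URL parameters, or at least not display them like this: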
http://example.com/data.php?id=1
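
Added example, not part of the original question or the asker's code: a data.php that reads the id from the POST body, validates it and binds it as a query parameter. The `posts` table name, the `fetch_post_by_id` helper and the in-memory SQLite database standing in for MySQL are assumptions made so that the file runs offline.

```php
<?php
declare(strict_types=1);
// Added example, not the asker's code. The linking page would submit the id in
// the request body with a form instead of an <a href="...?id=...">:
//   <form method="post" action="data.php">
//     <input type="hidden" name="id" value="1"><button>Title</button>
//   </form>
// POST keeps the id out of the address bar, access logs and Referer headers,
// but the client still controls the value, so it is validated and bound.

function fetch_post_by_id(PDO $pdo, $rawId): ?array
{
    // Accept only a positive integer; null, arrays and "1 OR 1=1" all fail here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, title, text FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed stand-in for the MySQL table so the example runs offline
// (hypothetical table name `posts`; requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, text TEXT)');
$pdo->exec("INSERT INTO posts VALUES (1, 'First post', 'Hello')");

// Only POST is served, so the id is never read from the query string.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    header('Allow: POST');
    http_response_code(405);
    exit;
}
$row = fetch_post_by_id($pdo, $_POST['id'] ?? null);
if ($row === null) {
    header('Location: 404.php');
    exit;
}
// Escape on output as well; database content is not trusted HTML.
echo '<h1>' . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . '</h1>';
echo '<p>' . htmlspecialchars($row['text'], ENT_QUOTES, 'UTF-8') . '</p>';
```

Against a real MySQL database only the PDO DSN and credentials change. The validation and the bound parameter are needed whether the id arrives by GET or by POST.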