Participating Frequently
January 19, 2011
Question

URL parameter


I have to use get method (instead of post) for form action but don't want to show the url parameter in the action page url.

Any way to hide or encrypt a form input value after it goes into my database?

Code:
<form action="actionpage.cfm" method="get">
<input type="text" name="myValue">
<input type="submit" name="submit">
</form>


    5 replies

    Owainnorth
    Inspiring
    January 19, 2011
    Any way to hide or encrypt a form input value after it goes into my database?

    *After* it goes into your database? I think more or less everything's been covered, but to clarify - there is *no* way of sending encrypted data from a form through URL parameters. As mentioned, you can send it to an intermediate page which encrypts then redirects, but that's about it.

    If you can explain a little more the hows and whys I'm sure there'll be a way to do what you're after.

    Bonus points should go to Adam for dropping in the word "idempotent".

    Inspiring
    January 19, 2011
    there is *no* way of sending encrypted data from a form through URL parameters.

    Well one could encrypt the form field values onsubmit.

    Bonus points should go to Adam for dropping in the word "idempotent".

    Ha.  Ah, people bandy it around when discussing HTTP methods, especially in the context of RESTful interfaces.  I had to look it up when I first heard it.  I don't actually like using words that people are likely to have to look up to understand (my yardstick being that if I have to look it up, most other people will need to as well), especially when the word is such that one cannot be expected to infer what it means from just looking at it.  However I think "idempotent" is used in the context of HTTP methods sufficiently that it's pretty much lingua franca.

    I have now used that word a total of twice (I mean... ever).

    --

    Adam

    Owainnorth
    Inspiring
    January 19, 2011
    Well one could encrypt the form field values onsubmit.

    From a browser? Surely that would leave you only JavaScript as an encryption method, and even then you'd have to store the key in the user's browser. Unless I misunderstand what you're saying.

    I don't actually like using words that people are likely to have to look up

    I definitely did not have to look up this word and read the explanation several times.

    Inspiring
    January 19, 2011

    BKBK is on the right track to answer your question here: encrypt the form values before submitting the form.

    But... why?  Why are you wanting to do this?  The whole idea (well: it's a significant part of it... there's the whole notion of GETs being idempotent too, that some people bang on about.  There's nothing to say a POST can't be idempotent too, though) of a form submitted with a GET is to have the params on the URL.  If you don't want them there, don't use a GET, use a POST.

    --

    Adam

    BKBK
    Community Expert
    January 19, 2011

    In a separate, preliminary process, use a key and an algorithm to encrypt the message.  For example,

    <cfset myMessage = "Open sesame!">
    <cfset myKey = "abracadabra">
    <cfset encryptedText = encrypt(myMessage, myKey)>

    Then output the value of encryptedText (which is ,<$.>B/_ "EQ=FZIV) and use it in the form, thus

    <cfform action="actionpage.cfm" method="get">
    <cfinput type="text" name="secret_code" value=",<$.>B/_ ""EQ=FZIV">
    <cfinput type="submit" name="submit" value="Send">
    </cfform>

    The vital connection in the communication is that the sender (the form page) must reveal its key to the receiver (the action page). Otherwise, decryption would be practically impossible.

    actionpage.cfm

    <cfif isDefined("url.secret_code")>
    <cfset theKey = "abracadabra">
    <cfset decryptedText = decrypt(url.secret_code, theKey)>

    <!---<cfoutput>#decryptedText#</cfoutput>--->
    <!--- query to insert decryptedText to database --->
    </cfif>
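
An added example, not code from the thread: the same form-page/action-page round trip as in the reply above, with the key held only on the server and the ciphertext emitted as hex so it survives a GET query string. The file names Application.cfm and formpage.cfm and the variable application.formKey are assumptions made for this sketch.

```cfml
<!--- Application.cfm (assumed file): create the key once, server-side only --->
<cfapplication name="secretFormDemo">
<cflock scope="application" type="exclusive" timeout="5">
    <cfif not structKeyExists(application, "formKey")>
        <!--- generateSecretKey returns a random Base64-encoded AES key --->
        <cfset application.formKey = generateSecretKey("AES")>
    </cfif>
</cflock>

<!--- formpage.cfm (assumed name): encrypt on the server before rendering --->
<cfset myMessage = "Open sesame!">
<!--- CBC mode with no IV argument: ColdFusion generates a random IV and
      prepends it to the ciphertext. Hex output contains only 0-9 and A-F,
      so it needs no escaping in a query string or an HTML attribute. --->
<cfset encryptedText = encrypt(myMessage, application.formKey,
                               "AES/CBC/PKCS5Padding", "Hex")>
<cfoutput>
<form action="actionpage.cfm" method="get">
    <input type="hidden" name="secret_code" value="#encryptedText#">
    <input type="submit" name="submit" value="Send">
</form>
</cfoutput>

<!--- actionpage.cfm: the key comes from application scope, never from the request --->
<cfif structKeyExists(url, "secret_code")>
    <cftry>
        <!--- reject anything that is not hex before attempting decryption --->
        <cfif not reFind("^[0-9A-Fa-f]+$", url.secret_code)>
            <cfthrow message="secret_code is not hex">
        </cfif>
        <cfset decryptedText = decrypt(url.secret_code, application.formKey,
                                       "AES/CBC/PKCS5Padding", "Hex")>
        <!--- insert decryptedText using cfqueryparam, as with any request value --->
        <cfcatch type="any">
            <!--- malformed input or a failed decrypt: stop instead of using the value --->
            <cfheader statuscode="400" statustext="Bad Request">
            <cfabort>
        </cfcatch>
    </cftry>
</cfif>
```

AES-CBC on its own gives confidentiality, not integrity, so the action page should still validate decryptedText before using it. The ciphertext also remains visible in the URL, browser history and server logs.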

    Participating Frequently
    January 19, 2011

    Not sure why you need to use GET as opposed to POST, other than 1) you cannot modify actionpage.cfm or 2) there is a lot of code looking for URL scoped variables on actionpage.cfm.

    If it is the latter, one thing you could do is send the form via POST and add this to the top of actionpage.cfm: structAppend(url, form)

    Inspiring
    January 19, 2011

    Submit your form to an intermediate page.  On that page, change the url variable to a session variable and re-direct to the action page.