2011-10-01 17:49


  • php
  • session
  • header
  • forms
  • login

I'm making a register page, signup.php, and basically what I want it to do is check for errors and if there are none, redirect to register.php. That is fine and whatnot, but register.php is the page where the actual account is made (e.g. mySQL query). Of course, in order to do that, I actually need the params gathered form signup.php. I was wondering if I could do something like this..

    header("Location: register.php, TYPE: POST, PARAMS: {user,pass,email}")

Obviously I can not use $_GET as I am transmitting sensitive data (e.g. passwords).

Any ideas/suggestions?

EDIT: Thank you all for your answers. I am now storing the parameters in a $_SESSION variable.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答


  • du9843 du9843 10年前

    No, you can't, and such data would be just as insecure to any determined attacker.

    Store the data in a session variable for use in the next page.

    点赞 评论 复制链接分享
  • doubi4340 doubi4340 10年前

    I see no point in such redirect.

    Why not to post right away to register.php?
    And then check for errors and save data in database in the same register.php?
    without any redirects

    点赞 评论 复制链接分享
  • duanci6484 duanci6484 10年前

    You could store them in the $_SESSION and refer to those in the register.php page, doing some checking to make sure someone has actually filled out the information and didn't just navigate to it.

    点赞 评论 复制链接分享
  • dsfdsf23423 dsfdsf23423 10年前

    Even if this is possible, you will hit another brick wall - the implementation of redirects in the popular browsers. While the standard requires, that it asks the user if a post is redirected, all popular browsers simply interpret the redirect as a GET. In short: you can't redirect a POST that way, you'll have to find another way without a round trip to the client, or use GET.

    Also, you should be aware that unless your requests are done via https, both GET and POST will present the sensitive information to any listener, as POST simply buts the query string into the http request and not the url. Security wise, both are the same.

    点赞 评论 复制链接分享