[FX.php List] Newbie PHP Question about direct link request to DB

Head Honcho headhoncho at customikesolutions.com
Mon Mar 22 05:30:30 MDT 2010 

Hi Lars (I assume),

The recid that you are passing as a $_GET is FileMaker's internal recordID.  This is set by FileMaker and can't be changed.

So, if you're trying to obsfucate using a calculation, you'll need to "unwrap" the calc before passing the true recid.

Otherwise, change your requests to $_POST's which will be "hidden" from the user.

Hope this helps, somewhat.

Regards

Michael Ward
--
Head Honcho
CustoMike Solutions
Member, FileMaker Business Alliance
Member, FileMaker Technical Network
FileMaker 7 Certified Developer
FileMaker 8 Certified Developer
FileMaker 9 Certified Developer
FileMaker 10 Certified Developer
10 Wandoo Crt
Wheelers Hill, 3150
ph 0414 562 501
headhoncho at customikesolutions.com

On 22/03/2010, at 9:53 PM, Lars Arlér wrote:

> Hi all and thanks in advance..
> 
> Have a little problem with my http request to my DB
> And my objective is to blur the link, so that everybody can’t figure out the
> next record link
> 
> 
> "http://xx.xx.xx.xx/browserecord.php?-action=browse&-recid=189"   works ok
> 
> "http://xx.xx.xx.xx/browserecord.php?-action=browse&-recid_calc=189200011893
> 59742000120001"    return false/error
> 
> 
> Both recid and recid_calc are totally identical in db field “type & option”.
> 
> I think that I found the problem in my script, but isn't that strong in PHP
> to figure this one out alone......
> 
> --------------------------- ZIP ZIP ZIP ---------------------------------
> 
> case "browse" :    
> default :          
>  {                 
>     $recid = $cgi->get('-recid');
>     if (!isset ($recid))
>     $recid = 1;    
> 
>     $record = $fm->getRecordById($layoutName, $recid);
> ExitOnError($record);
>     break;         
> } 
> 
> --------------------------- ZIP ZIP ZIP ---------------------------------
> 
> 1. So what does this little script do ??
> 2. And how can I make it accept the “recid_calc” ??
> 3. Or accept any other valid field name ??
> 
> 
> thanks in advance..
> 
> ______________________________________________________
> 
> MEDIADESIGN
> Graphics-& Web design
> 
> Lars Arlér         
> cell: +45 2814 0010
>                   
> La at mediadesign.dk  
> 
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list

More information about the FX.php_List mailing list