1

When a user click post,after filling a form,it post the form datas into a php from where it is sent (redirected) to another url.

But the form has confidential datas,that is been shown in the address bar while redirecting.

The url is seen as http://payment.kkl.com?token.jsp?id=ajsjs&password=pefwhkewhxxx

data is being posted to a php file using post method.From the php ,this datas are again encrypted and along with some raw data it is rediredted to an external url as I have shown.This external url has parameters that I dont want to expose i need to hide the id and password,the url in the address bar should be shown with out the id and password..Anyway to do this using htaccesS??

1 Answers1

2

Make use of POST method on your <form> to pass information to the other page.

Definitely .htaccess is not the solution here.

Shankar Narayana Damodaran
  • 68,075
  • 43
  • 96
  • 126
  • See I use the post data,so that the data is being posted to a php file.From the php ,this datas are again encrypted and along with some raw data it is rediredted to an external url as I have show.This external url has parameters that I dont want to expose.. –  Dec 12 '13 at 05:55
  • Do you have control over the `external url` ? If you are passing the data in an `encrypted` form , why do you worry ? – Shankar Narayana Damodaran Dec 12 '13 at 06:00
  • @user3079558: i think you may look at `RESTful webservice` for this. look at this: http://en.wikipedia.org/wiki/Representational_state_transfer or search for `REST` web service on google – Mohammad Faisal Dec 12 '13 at 06:06
  • no the encrypted data,along with some raw data,in a format that is accepted by the external url.so i cannot simply encrypt it –  Dec 12 '13 at 06:16
  • Is your external URL using SSL i.e. (https) if so you don't have to worry. – Shankar Narayana Damodaran Dec 12 '13 at 06:19
  • yes i use ssl,but it still shows up in the url from which anyone could copy out the parameteres,like password and all those things. –  Dec 12 '13 at 06:22
  • Have a look here. http://stackoverflow.com/questions/323200/is-an-https-query-string-secure – Shankar Narayana Damodaran Dec 12 '13 at 06:34