I have been trying to redirect page with variable through javascript.
I have found window.location.href = "test.php?variable=" + variabletosend;
but in this way user can change url and hence values.
Please tell me, how to pass variable to another page through javascript, hidden from user.
I have been trying to redirect page with variable through javascript.
I have found window.location.href = "test.php?variable=" + variabletosend;
but in this way user can change url and hence values.
Please tell me, how to pass variable to another page through javascript, hidden from user.
Share Improve this question asked Apr 19, 2015 at 12:55 Raghav GargRaghav Garg 3,7072 gold badges26 silver badges33 bronze badges 4- This is not possible. Any JS redirection will be visible to the user because it is a client-, not server-based redirect. You need something like Apache Mod-Rewrite. – Mitya Commented Apr 19, 2015 at 12:57
- Javascript runs on the user's browser. He can see it ! What you can do is to use button with submit and redirect the url in php. – Rohit Gupta Commented Apr 19, 2015 at 12:58
- maybe try a hidden form and use jquery to post that form to another page? – TheDeveloper Commented Apr 19, 2015 at 12:59
- A user will always be able to modify a request. In case this is supposed to be a security measure: Security through obscurity is not only bad practice, it is outright dangerous. Plain and simple: Use server side session variables to pass data. Also, you might want to read the OWASP Guide v4, too. – Markus W Mahlberg Commented Apr 19, 2015 at 13:43
5 Answers
Reset to default 3Your entire approach is wrong.
You can never trust a URL from a user, nor prevent the user from seeing the URL to the page.
Instead, you need to write server-side code to return an error if the user tries to access they're not supposed to.
You could do something like:
- Instead of GET request, use POST (if you don't want parameters in url)
- If you want to pass parameter + redirect then, it would be better if you could store those values as session variable.
If you worry about user accessing improper pages of your site you should correclry handle such requests either in server-side running code or using your web-server (IIS, Apache, etc)
You basically want to send the variable to a php page via js.I also had this kind of problems.you should use AJAX request.I know it sounds plex but after you google it this would be easy.In jquery you could use(it would be good to check for syntax error):
$(document).ready(function() {
$.ajax({
type: "POST",
url: 'test.php',
data: { variable : variable },
success: function(data)
{
alert("success!");
}
});
});
use this file."jquery.redirect.js"
$("#btn_id").click(function(){
$.redirect(http://localhost/test/test1.php,
{
user_name: "khan",
city : "Meerut",
country : "country"
});
});
see=https://github./mgalante/jquery.redirect