pedro mpa wrote: >> So the value attribute contains an encrypted representation of the >> country name ... which is transmitted in clear text right next to it? >> If you want encryption, why not just use SSL? > The value attribute contains an encrypted value of a row id in the > database table for countries. How would I know which country the user has > selected if I don't know its row id to insert on a members table (either > plain, masked or encrypted)? Obviously you need to relate the data to your database - but why encrypt it? And if you do encrypt it, why not use SSL to do so? >> name ... which is transmitted in clear text right next to it? > > What is posted is the value attribute of the option elements not the > country text (do a print_r($_POST)). When the client sends the entered data to the server, yes. However, that isn't the case when the server sends the form to the client in the first place. > Suppose you are on a Private Area on a website after login and you might > have links such as: > <a href="page.php?changeprefs">Preferences</a> > <a href="page.php?op=3">Change Password</a> > <a href="site/changeemail">Change E-mail</a> > > In my approach these links would be like: > <a href="page.php?ad6467ae6757">Preferences</a> > <a href="page.php?op=97874bd86a4a5">Change Password</a> > <a href="site/97874bd86a4a5">Change E-mail</a> Why? > for this you need htaccess on apache -I think- No. .htaccess files just allow you to reconfigure Apache on a per directory basis without restarting the server. -- David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/> Home is where the ~/.bashrc is -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
