Friday 15 June 2012

php - Are URL variables safe -


Is passing URL variables safe? Yes, I know they're out there in plain sight for all to see.... It's not an SSN or anything. I'm not talking about HTTPS items, just passing a title and an email address....

For instance, let's say on a page of the site there's a list of employees. Let's take "Jimmy" as an example. Jimmy has a bio, a picture, and a [contact Jimmy] button in his bio. If someone clicks on [contact Jimmy], the next thing is:

<a href="contact.php?title=jimmy&emailto=jimmy@mysite.com">

In contact.php, I check to see if the variables were passed; if not, I set defaults:

<?php
// Check whether emailto is empty; if so, send to the default email address
if (empty($_GET['emailto'])) {
    $_GET['emailto'] = 'info@mysite.com';
}
?>
<?php
// Check whether title is empty; if so, default the selected title to "us"
if (empty($_GET['title'])) {
    $_GET['title'] = 'us';
}
?>

Upon submit, the contact.php form strips code, checks validity, etc. before submitting. I'm still feeling naked having them in the URL in this day and age of hackers and spambots. If this is a horrible and unspeakable way to pass variables, any thoughts on how to accomplish the same thing? I'd rather not have a drop-down on the contact form for people to pick whom to contact, but I suppose that's an option. OK.... be kind! ;)

Submit via POST using JavaScript instead of GET. It's a much better way to send this sort of info than GET.

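function contact(title, to) {
    // Build the form fields that contact.php expects
    var formData = new FormData();
    formData.append('emailto', to + '@mysite.com');
    formData.append('title', title);

    // Send the fields in the body of a POST request;
    // the third argument (false) makes the request synchronous
    var ajax = new XMLHttpRequest();
    ajax.open('POST', 'contact.php', false);
    ajax.send(formData);
}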
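Whether the values arrive by GET or POST, the visitor controls every parameter contact.php receives, so one way to keep the recipient address out of the request entirely is to send only a short key and look the address up on the server. The following PHP is an added example, not code from the original post; the `to` parameter, the `CONTACTS` table and `resolve_contact()` are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. The parameter name "to",
// the CONTACTS table and resolve_contact() are illustrative assumptions.

// Server-side allow-list: the request carries only a short key, never an address.
const CONTACTS = [
    'jimmy' => ['title' => 'Jimmy', 'email' => 'jimmy@mysite.com'],
];
const DEFAULT_CONTACT = ['title' => 'us', 'email' => 'info@mysite.com'];

/**
 * Resolve the recipient from request parameters ($_GET or $_POST).
 * Missing, unknown or malformed keys fall back to the default contact,
 * so the form can only ever mail an address listed above.
 */
function resolve_contact(array $params): array
{
    $key = $params['to'] ?? '';
    if (!is_string($key)) {
        // A query such as ?to[]=x arrives as an array, not a string.
        return DEFAULT_CONTACT;
    }
    $key = strtolower(trim($key));
    return array_key_exists($key, CONTACTS) ? CONTACTS[$key] : DEFAULT_CONTACT;
}

// Constructed sample inputs, shaped like $_GET.
$samples = [
    ['to' => 'jimmy'],                     // the normal link
    [],                                    // no parameter at all
    ['to' => 'someone@elsewhere.example'], // value altered by the visitor
    ['to' => ['jimmy']],                   // array-typed parameter
];

foreach ($samples as $params) {
    $contact = resolve_contact($params);
    // Escape on output: the title is rendered into the contact page's HTML.
    echo htmlspecialchars($contact['title'], ENT_QUOTES, 'UTF-8'),
         ' -> ', $contact['email'], PHP_EOL;
}
```

With this lookup the link becomes `contact.php?to=jimmy`, and the last three samples all resolve to the default contact.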

php variables url
