Article Categories
- All Categories
-
Data Structure
-
Networking
-
RDBMS
-
Operating System
-
Java
-
MS Excel
-
iOS
-
HTML
-
CSS
-
Android
-
Python
-
C Programming
-
C++
-
C#
-
MongoDB
-
MySQL
-
Javascript
-
PHP
-
Economics & Finance
How to effectively hide Href From a Link in PHP?
While you cannot completely hide href attributes from a link, there are several PHP techniques to obscure URLs and make them less obvious to users. Here are the most effective methods.
Using URL Rewriting
Apache's mod_rewrite allows you to create clean URLs that hide the actual file structure ?
// .htaccess file RewriteEngine On RewriteRule ^product/([0-9]+)$ /product.php?id=$1 [L] // product.php <?php $productId = $_GET['id']; echo "Product ID: " . $productId; ?>
This transforms product.php?id=5001 into a cleaner product/5001 URL.
Using POST Requests with Forms
POST requests don't expose parameters in the URL, making them ideal for hiding sensitive data ?
<form method="post" action="process.php">
<input type="hidden" name="packageID" value="5001">
<input type="hidden" name="action" value="view">
<button type="submit" class="link-button">View Package</button>
</form>
Using Encrypted Parameters
Encrypt sensitive data in URLs to make them unreadable ?
<?php
// Encrypt function
function encryptId($id) {
$key = "your-secret-key";
return base64_encode(openssl_encrypt($id, 'AES-128-ECB', $key));
}
// Decrypt function
function decryptId($encrypted) {
$key = "your-secret-key";
return openssl_decrypt(base64_decode($encrypted), 'AES-128-ECB', $key);
}
// Usage in link
$encryptedId = encryptId(5001);
echo "<a href='product.php?token=$encryptedId'>View Product</a>";
// In target file
$originalId = decryptId($_GET['token']);
?>
Using Session-Based Tokens
Store sensitive data in sessions and use tokens in URLs ?
<?php
session_start();
// Generate token and store data
$token = bin2hex(random_bytes(16));
$_SESSION['tokens'][$token] = [
'packageID' => 5001,
'expires' => time() + 3600
];
echo "<a href='package.php?t=$token'>View Package</a>";
// In target file
$token = $_GET['t'];
if (isset($_SESSION['tokens'][$token])) {
$data = $_SESSION['tokens'][$token];
$packageID = $data['packageID'];
}
?>
Comparison
| Method | Security Level | SEO Friendly | Implementation |
|---|---|---|---|
| URL Rewriting | Low | High | Moderate |
| POST Forms | Medium | Low | Easy |
| Encryption | High | Low | Complex |
| Session Tokens | High | Low | Moderate |
Conclusion
While href attributes cannot be completely hidden, you can use URL rewriting for clean URLs, POST requests for security, or encryption/tokens for sensitive data. Choose the method based on your security requirements and user experience needs.
833 Views
