Passing parameter through URL

Asked

Viewed 4,211 times

1

how do you pass a parameter to another VIEW screen, without the user seeing it in the URL?

For example : I have a query screen that the user clicks on the table and is redirected to another screen, which is the screen that opens the information of the field that was clicked, in case it can be a code.

the url would look like this :

http://localhost:64654/Pim/romaneio/Index? pid=108491

I pass her by JS, so :

window.location = "Index?pId=" + $($(this).find('td').get(0)).text();

My problem is that I will need to pass a parameter, to indicate whether the screen fields may be enabled or not.

Passing it through the URL would leave application vulnerable to changes, how can I proceed?

javascript c# jquery asp.net-mvc

  • Hello try the POST method: http://docs.jquery.com/Ajax/jQuery.post

  • Either way you will be vulnerable to changes. This is bad for security, you should validate this only on the server side.

  • There is another way to pass parameter between View and Controller?

  • you’re right @LINQ, try to check on the server side, try to encrypt if possible

  • 1

    @Andersonapdodesouza No parameter "pass" between views and controllers. Absolutely everything are HTTP requests, you need to be aware of this.

  • But for example, I have a table that lists values, then the user clicks on the value 1, and this value needs to lead to another screen that a method receives it and goes to the bank to search. In case I need to do all this inside my controller?

Show 1 more comment

2 answers

1

There is no way to pass information from a client machine to a server machine that is proof of past information changes. Deal with it.

If you want to make life very difficult for a hacker, you can make your users have to use an app instead of a page.

Other than that... If you just want to prevent laypeople from seeing parameter values in the URL, you have a few options:

  • Have a spa;
  • Use POST instead of GET;
  • Make an AJAX request to the server, get the results, and then mount them on screen. It has to do with the first alternative tangentially, but it doesn’t necessarily require effort to rethink your system at this point. Follow a pseudo-code example:
$.ajax({
    dataType: "json",
    type: "get",
    url: "Index?pId=" + $($(this).find('td').get(0)).text(),
    success: function (resultado) {
        // obtenha o resultado aqui e coloque em algum componente da página
    }
})

  • Got it, but in case, that way I can get off the page query and go to the index page? Forgive my ignorance, I’m a beginner in this world of requests... and web protocols.

  • 1

    @Andersonapdodesouza with the first alternative (SPA) you never leave the same page. With the second you can take data from one page to another without needing to put URL parameters. With the third alternative what you want is not possible.

  • Got it, today for example I do : $("#tbRomaneio tbody tr"). on('click', Function() { window.Location = "Index?pid=" + $($(this).find('td').get(0)).text(); }); ?

  • @Andersonapdodesouza your fields with the data filled by the user must be inside a form. The attribute action form must be the landing page. Finally, you need to press a button that submits and is inside the form. Buttons that perform submission are elements input or button attribute-ridden type="submit".

  • Then it won’t work. In my case, when the user clicks on the table, I call the event and redirect it to another VIEW that is in the same folder. Passing the value of the first table td.

  • @Andersonapdodesouza you can’t see me but I’m doing Bela Gil’s pose in her meme now. You can replace the button click with $("form").submit(), for example ;)

  • haha, @Renan, not on the button, on the table.

  • @Andersonapdodesouza $(tabela).on("click", function () { $("form").submit(); });

  • Let’s go continue this discussion in chat.

Show 4 more comments

1


From what I understand from your description, it seems that the object window can do it for you: 

var link = "" // Seu link aqui.
var newWindow = window.open(link, "_blank");

newWindow.paramTeste = "Este parâmetro foi transferido de uma pagina a outra.";

Test case: https://jsfiddle.net/0tgLeyL5/

By clicking the button Redirect, a new blank tab (or window) will open (it could be any other link you want to be redirected to). Inside the console (on F12), if you write window.paramTeste, will see that the variable will be set. You can transfer any object from one window/tab to another this way, without the need for other more complex methods.

Remember that this method still leaves you vulnerable to changes made by the user. It’s just less obvious but still easy to manipulate.

Browser other questions tagged javascript c# jquery asp.net-mvc

You are not signed in. Login or sign up in order to post.