Hello. I'd like some help from someone experienced with technical details behind html Post and Get methods.
Currently my website has user groups with different privilege levels. These privilege levels determine what a user will or won't be able to do. This is stored with other user information in a mysql database.
My first instinct was to read the privilege level from my database on every page that requires authentication. There are only a few, but they will most likely be visited successively. So I thought about passing this privilege level on via a form from one page to the next to reduce sql server load. I obviously can't use method GET, as users could just modify their level in the URL and cause some havoc. So I was hoping method POST would do the trick.
Bottom line if you don't want to read any of the above:
I basically just want to know if method POST is completely safe against potentially malicious users, and that they won't be able to alter anything I want to pass from one page to the next if I use method POST in my forms.
Currently my website has user groups with different privilege levels. These privilege levels determine what a user will or won't be able to do. This is stored with other user information in a mysql database.
My first instinct was to read the privilege level from my database on every page that requires authentication. There are only a few, but they will most likely be visited successively. So I thought about passing this privilege level on via a form from one page to the next to reduce sql server load. I obviously can't use method GET, as users could just modify their level in the URL and cause some havoc. So I was hoping method POST would do the trick.
Bottom line if you don't want to read any of the above:
I basically just want to know if method POST is completely safe against potentially malicious users, and that they won't be able to alter anything I want to pass from one page to the next if I use method POST in my forms.
Last edited:
