Hi & welcome,

Short answer: no.

Hyperlinks tell browsers to GET the file named in the href attribute. AFAIK the only way browsers can perform a POST is from a form.

Even if you were to use <form method="post"> , folks could always have a look at the source code to check for any hidden fields.

thumper:

Use session variables if you want to pass information from page to page without any chance of the user changing it.

Here are a couple of functions I wrote to deal with this issue. I couldn't find a way to do this without using global vars. This could be fixed if PHP supported pointers properly. I was tempted to implement this as a class, but PHP's OOP implementation doesn't allow private data members, so there's really no advantage.

The idea here is to create a number of totally hidden forms which are created by hlink() but placed by hlinkscript() such that they won't affect the page formatting too much (even blank forms add in browser-displayed whitespace!) The hlink() fxn also creates a javascript fxn for every form and returns a hyperlink whose sole purpose is to run its associated javascript fxn, which in turn submits the associated form.

The result is, instead of using GET like this:

echo"<a href='URIpath/script.php?hiddenfieldname=hiddenfieldvalue' class='funkyclass'>hyperlink text</a>";

You can use POST via the hlink fxn like this:

echo hlink ("hyperlinktext", "hiddenfieldname", "URIpath/script.php", "funkyclass", "hiddenfieldvalue");

I optimized the order of the optional parameters for my own implementation. I was using $_POST array keys without any values to indicate which set of contents should be displayed. Since I used "hiddenfieldvalue" infrequently, I put it at the end, but you can move it.

Just remember to put:

hlinkscript();

somewhere at the end of your script.

Please let me know if you find a cleaner method!

-RS

/***************************************************************************\
* hlink(string text [, string hiddenfieldname [, string url [, string styleclass [, string hiddenfieldvalue]]]])
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Creates a form with an optional hidden field that is submitted via a
* java-based hyperlink to an optional URL. The browser's status message is
* set to the text for the hyperlink onmouseover and cleared onmouseout. The
* purpose is to create hyperlinks that pass a single value to the $_POST
* array. Forms are named sequentially starting at 0. A global variable is
* set to track the index.
*
* Variables
* ~~~~~~~~~
* $text - Hyperlink text
* $funcname - Key to be passed to $_POST array
* $href - The URL of the page linked to - the form's action
* $classname - Style class of anchor
* $value - Value to be passed to $_POST array
* $GLOBALS['hlinkindex'] - The index of the current form, incremented with each function call
* $formname - The name of the form - Link<index> eg. Link0
* $GLOBALS['hlinkscripts'] - Holds all javascript functions until hlinkscript is called
* $GLOBALS['hlinkforms'] - Holds all forms until hlinkscript is called
* $returntext - Holds the hyperlink for return at end of function
*
\***************************************************************************/

function hlink($text, $funcname=null, $href=null, $classname=null, $value=null)
{
//Initialize or increment the link index
if(!isset($GLOBALS['hlinkindex'])) $GLOBALS['hlinkindex']=0;
else $GLOBALS['hlinkindex']++;

//Set the form name as Link<index>
$formname="Link".$GLOBALS['hlinkindex'];

//Initialize the global variables to hold the javascripts and forms.
if(!isset($GLOBALS['hlinkscripts'])) $GLOBALS['hlinkscripts']=null;
if(!isset($GLOBALS['hlinkforms'])) $GLOBALS['hlinkforms']=null;

//Here's the javascript the does all this stuff
$GLOBALS['hlinkscripts'].="<SCRIPT language='JavaScript'>function $formname() {document.$formname.submit();}</SCRIPT>\n";

//Start the form
$GLOBALS['hlinkforms'].="<form name='$formname' action='$href' method='post'>";

//If there is a value to be returned, set up the hidden form field
if($funcname) $GLOBALS['hlinkforms'].="<input type='hidden' name='$funcname' value='$value'>";

//Comment out the following line if session support is not needed and/or if
//session.use_trans_sid is enabled and working properly.
//$GLOBALS['hlinkforms'].="<input type='hidden' name='PHPSESSID' value='".session_id()."'>";

//Finish the form
$GLOBALS['hlinkforms'].="</form>\n";

//Start the hyperlink
$returntext.="<A href='javascript: $formname()'";

//Set the windows status to the hyperlink text onmouseover
$returntext.=" onmouseover=\" window.status='".addslashes($text)."'; return true\" onmouseout=\"window.status=''; return true\"";

//If there is a class (say, for style sheets) set that up
if($classname) $returntext.=" class='$classname'";

//Finish off the hyperlink with the text
$returntext.=">$text</A>";

//Return the code
return $returntext;
}

/***************************************************************************\
* hlinkscript()
* ~~~~~~~~~~~~~
* Outputs the form code and javascript code accumulated by the hlink
* function's globals 'hlinkforms' and 'hlinkscripts.' The call to this
* function should be placed somewhere in the page where it won't affect
* formatting, such as at the end. Unfortunately, even blank forms cause
* browser-displayed whitespace to appear. This happens in IE at least.
*
* Variables
* ~~~~~~~~~
* $GLOBALS['hlinkforms'] - Form scripts
* $GLOBALS['hlinkscripts'] - Javascript functions
*
\***************************************************************************/

function hlinkscript()
{
echo $GLOBALS['hlinkforms'].$GLOBALS['hlinkscripts'];
}

Welcome to WebmasterWorld, ReasonableSanity!

but PHP's OOP implementation doesn't allow private data members

Things have changed a bit in PHP5 [webmasterworld.com].

Cool. Now all I need is for one of my webservers to upgrade to PHP5! I guess there are still some stability concerns(?)

-RS