Home / Questions / 115804
Accepted
lucho
Asked: 2020-11-09 11:29:44 +0800 CST 2020-11-09 11:29:44 +0800 CST

How to hide url in laravel when you use get to edit?

  • 772

I want to edit a record by its id and I have the following code in my view:

<a href="{{route('guest.edit',$g->id)}}" class="btn btn-simple btn-warning btn-icon edit"><i class="ti-pencil-alt"></i></a>

And so I have in my route:

Route::resource('guest','GuestController');

Then in my controller:

public function edit($id){
    $guest=Guest::find($id);
    return view('Guests.edit1',compact('guest'));
}

The problem with this is that the id appears in my route, which I consider is not safe, it appears in this way

http://localhost:8081/guest/2/edit

How do I solve in such a way that the id is not shown in the url, or the url is not shown at all

laravel

5 Answers

  1. Best Answer

    A possible solution would be to use Encryption to display your encrypted parameter. From the view, I would use encryptfromblade

    <a href="{{route('guest.edit',Crypt::encrypt($g->id))}}"

    Then in the controller decrypt this value.

    public function edit($id){
  $id =  Crypt::decrypt($id);
  $guest=Guest::find($id);
  return view('Guests.edit1',compact('guest'));
}

    Do not forget use Illuminate\Support\Facades\Crypt;

    • 7

  2. I found the best solution to the problem using FakeID.

    Masking all the ids of your model, simply by putting the namespace and the trait , it will hide your id and it will generate a very clean URL, example, if you have something like this:

    localhost/2/editar

    I would change it to something like this:

    Localhost/97302855/editar

    You don't have to worry about encrypting or decrypting , it does everything automatically.

    https://github.com/Propaganists/Laravel-FakeId

    • 3

  3. You could also try using friendly urls, you have a cleaner url and you manage to hide the id.

    I use this package https://github.com/cviebrock/eloquent-sluggable it allows you to generate friendly urls in a simple way.

    • 2

  4. Try it like this with an alias on the path:

    Route::get('/url/{id}',[
   'uses'=>'Controller@metodo',
    'as'=>'registration'
]);

    or also with this laravel helper:

    Hash::make($id)
    • 1

  5. I know it's a bit late now but I just found a possible solution.

    1. You create a new policy linked to your model php artisan make:policy NombrePolicy -m nombreModelo. Go to app->HTTP->policies.
    2. You will find different functions like "create, view view any, etc." you choose the one of interest in my case I chose wiew since I couldn't find the edit. enter image description here

    Now here are two ways that I look at...

    1. you get the url of the page you visit example http://.../user/560/edit with $urlUserBase=request()->url();. Then I get the edit route but from the current user with $urlUserActual=route('usuario.edit',['usuario'=>$user->id]); returns comparing that if they are identical return $urlUserActual === $urlUserBase; in your controller you write//Verifica el policy User@update $this->authorize('función',$varConArrayUsuario); enter image description here

    enter image description here

    The result is this: enter image description here

    And the other you can check here

    • 1