PHP: how to hide the URL address bar parameters. I made a page with PHP; if you click a user to view the user information, the URL bar shows: http://www.abc.com/index.php?user_id=39. Modify the number and you can view other users. This is too insecure, right?
How can I avoid this problem and make the URL show only something like "http://www.abc.com/" or "http://www.abc.com/index.php"?
Please give the specific practice!
Reply to discussion (solution)
Modify the number to view other users. This is too insecure, right?
You do not need to hide the URL parameter to solve this security problem. You can use $_SESSION to determine whether the current user is the user whose id is in the user_id parameter. If yes, the user can view it; otherwise, they cannot. Besides, if viewing other users' information is allowed, you can filter out the private information in the view.
It can be passed through cookies or sessions.
Can you write the detailed code? Please, thank you.
Modify the number to view other users. This is too insecure, right?
You do not need to hide the URL parameter to solve this security problem. You can use $_SESSION to determine whether the current user is the user whose id is in the user_id parameter. If yes, the user can view it; otherwise, they cannot. Besides, if viewing other users' information is allowed, you can filter out the private information in the view.
Can you write out the code and attach it?
This is a permission control issue.
For example, http://my.csdn.net/xuzuning and http://my.csdn.net/present are not the same.
The simplest is to use session for comparison.
If the code has bugs or cannot run, ask again.
// First, save the uid to the session after the user logs in. For example, in login.php:
session_start();
$_SESSION['uid'] = $uid; // $uid is the uid of the user who just logged in, the same value as the uid column of the user table

// Then, in userinfo.php:
session_start();
if ($_SESSION['uid'] == intval($_GET['user_id'])) {
    // Display the currently logged-in user's own information.
} else {
    // Either display the other user's information (query the user table by the requested user_id and show only what is appropriate),
    // or give an error message directly, telling the user they cannot view this user's information.
}
Sorry, I still don't know much about it. Is $_SESSION['uid'] = XXX stored on the HTML page at the time of login or on the PHP page? And where does if ($_SESSION['uid'] == intval($_GET['user_id'])) go: on the HTML page after login, or on the PHP page after login, for the judgment?
$_SESSION['uid'] = XXX is placed in the PHP script. In this script, after the login information check is completed, set $_SESSION['uid'] = XXX, where XXX is the uid retrieved from the user table based on the user login form fields.
if ($_SESSION['uid'] == intval($_GET['user_id'])) should be placed in the PHP script that does the judgment after login. If the user_id sent by GET is the same as $_SESSION['uid'], the user information is retrieved from the user information table and assigned to $userinfo, and then the HTML page is included, with PHP code embedded in the HTML page, such as for the user name:
If the incoming parameter is different from $_SESSION['uid'], the user information to be viewed is not that of the currently logged-in user. If you still want to display the user information, you can query the user information table based on the GET user_id and selectively display some user information without displaying the private information; if you do not want to display the information of any user other than the currently logged-in one, you can go directly to the error page with header('Location: XXXXX').
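The session-based permission check that the two replies above describe, written out end to end as an added example (it is not code from this thread). It assumes a constructed in-memory user table with the hypothetical columns uid, username, email, phone and password_hash in place of the real user table, and it compares the two ids with === after both have been cast to int, which is stricter than the == in the reply but equivalent for integer ids.

```php
<?php
// Added example: authorization for userinfo.php?user_id=N via $_SESSION['uid'].
// The $USERS array is constructed sample data standing in for a user table query.
declare(strict_types=1);

$USERS = [
    39 => ['uid' => 39, 'username' => 'alice', 'email' => 'alice@example.com',
           'phone' => '555-0100', 'password_hash' => password_hash('alice-pw', PASSWORD_DEFAULT)],
    40 => ['uid' => 40, 'username' => 'bob', 'email' => 'bob@example.com',
           'phone' => '555-0101', 'password_hash' => password_hash('bob-pw', PASSWORD_DEFAULT)],
];

// Fields any logged-in user may see about another user (hypothetical choice).
const PUBLIC_FIELDS = ['uid', 'username'];

/**
 * login.php step: verify the submitted credentials against the user table and,
 * on success, return the uid that belongs in $_SESSION['uid']. Null on failure.
 */
function authenticate(array $users, string $username, string $password): ?int
{
    foreach ($users as $row) {
        if ($row['username'] === $username && password_verify($password, $row['password_hash'])) {
            return $row['uid'];
        }
    }
    return null;
}

/**
 * userinfo.php step: decide what the caller may see for ?user_id=N.
 * $sessionUid is $_SESSION['uid'] set at login (null when not logged in);
 * $requestedUid is intval($_GET['user_id']).
 * Returns the full row for the user's own profile, only PUBLIC_FIELDS for
 * another user, and null when not logged in or the target does not exist.
 */
function profile_for(array $users, ?int $sessionUid, int $requestedUid): ?array
{
    if ($sessionUid === null || !isset($users[$requestedUid])) {
        return null;
    }
    $row = $users[$requestedUid];
    unset($row['password_hash']);                 // never expose the hash to any view
    if ($sessionUid === $requestedUid) {
        return $row;                               // own profile: everything
    }
    return array_intersect_key($row, array_flip(PUBLIC_FIELDS)); // someone else: public subset only
}

// --- request handling, as it would run under a web server ---
if (PHP_SAPI !== 'cli') {
    session_start();
    if (isset($_POST['username'], $_POST['password'])) {            // login.php path
        $uid = authenticate($USERS, $_POST['username'], $_POST['password']);
        if ($uid === null) {
            http_response_code(401);
            exit('Login failed');
        }
        session_regenerate_id(true);   // new session id after login (prevents session fixation)
        $_SESSION['uid'] = $uid;
        header('Location: /userinfo.php?user_id=' . $uid);
        exit;
    }
    // userinfo.php path: the URL parameter stays visible, the session decides what is shown
    $profile = profile_for($USERS, $_SESSION['uid'] ?? null, intval($_GET['user_id'] ?? 0));
    if ($profile === null) {
        header('Location: /error.php');  // the header('Location: ...') path the reply mentions
        exit;
    }
    header('Content-Type: application/json');
    echo json_encode($profile);
    exit;
}

// --- CLI self-check of the authorization logic ---
assert(authenticate($USERS, 'alice', 'alice-pw') === 39);
assert(authenticate($USERS, 'alice', 'wrong') === null);
assert(array_keys(profile_for($USERS, 39, 39)) === ['uid', 'username', 'email', 'phone']);
assert(array_keys(profile_for($USERS, 39, 40)) === ['uid', 'username']);   // bob's private fields hidden
assert(profile_for($USERS, null, 39) === null);                             // not logged in
echo "ok\n";
```

Run it with `php userinfo_example.php` on the command line to exercise the checks at the bottom; under a web server the same file acts as login.php when it receives POSTed credentials and as userinfo.php otherwise. The point the replies make is visible in profile_for: the user_id in the URL is still there and still editable, but what the page returns is decided by the uid the server stored in the session at login, not by the parameter the visitor typed.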