Encode search params
Answered
Savannah posted this in #help-forum
SavannahOP
Hi guys, anyone know how can I decode the search params I encoded before (with encodeURIComponent) ?
Like my search params are empty when I get them
account/page.tsx
const queryParams = new URLSearchParams({ email: updatedEmail, correctCode})
router.push(
verification/email/page.tsx :
const searchParams = useSearchParams()
const email = searchParams.get('email')
const correctCode('correctCode')
Like my search params are empty when I get them
account/page.tsx
const queryParams = new URLSearchParams({ email: updatedEmail, correctCode})
router.push(
/verification/email?${encodeURIComponent(queryParams.toString())})verification/email/page.tsx :
const searchParams = useSearchParams()
const email = searchParams.get('email')
const correctCode('correctCode')
Answered by joulev
the only way that doesn't allow people to know it, is to never send it to the client. keep it in the server. only send encrypted values to the client. entire encryption and decryption process takes place on the server with a server-side secret
12 Replies
@Savannah Hi guys, anyone know how can I decode the search params I encoded before (with encodeURIComponent) ?
Like my search params are empty when I get them
account/page.tsx
const queryParams = new URLSearchParams({ email: updatedEmail, correctCode})
router.push(`/verification/email?${encodeURIComponent(queryParams.toString())}`)
verification/email/page.tsx :
const searchParams = useSearchParams()
const email = searchParams.get('email')
const correctCode('correctCode')
.toString already handles the encoding for you. so don't encode it again
router.push(`/verification/email?${queryParams.toString()}`)@joulev .toString already handles the encoding for you. so don't encode it again
ts
router.push(`/verification/email?${queryParams.toString()}`)
SavannahOP
But how can I make the code unreadable/intelligible in the URL? Because here I clearly have the raw 6-digit code in the URL.
@Savannah But how can I make the code unreadable/intelligible in the URL? Because here I clearly have the raw 6-digit code in the URL.
you can't. all form of client-side encoding are unsecure, anyone can go check and decode the string
@joulev you can't. all form of client-side encoding are unsecure, anyone can go check and decode the string
SavannahOP
Ohh, okay. What do you recommend for transferring code from one page to another with good security?
Cookies ?
@Savannah Ohh, okay. What do you recommend for transferring code from one page to another with good security?
the only way that doesn't allow people to know it, is to never send it to the client. keep it in the server. only send encrypted values to the client. entire encryption and decryption process takes place on the server with a server-side secret
Answer
i feel you are trying to do something that is simply impossible
@joulev the only way that doesn't allow people to know it, is to never send it to the client. keep it in the server. only send encrypted values to the client. entire encryption and decryption process takes place on the server with a server-side secret
SavannahOP
Okay, I see. Thanks for your advice, I just gonna store the verification code into database
And then, just compare it with user value send by users