Referral or Affilate setup
I have a client who wants to add a referral plan to their eCart web site.
The third party would include a link on their web site, to my client's store, and then receive a % commission of the referred sales.
My first thought was to include a URL variable in the link so that a session was set once the visitor arrived via that link.
Then record the variable in the Orders table.
1- Session is set on first page, setting the Affiliate ID from the URL.
if (!session_id()) session_start();
$_SESSION["affiliateid"] = "".$_GET['affiliateid'] ."";
2- Then that session is stored in the Orders table on the confirm.php page.
But if I'm not mistaken, entering data from a URL is a security risk. Am I correct on that?
What would be the safest method to simply include a referral ID with each order (if one exists)?