I wanted to know if there is a way to hide the url which displays when your cursor hovers over the submit button on a form.

It shows in Opera and IE, but not Firefox or Safari.

The reason I want to hide the url is to hide php variables.

Anyone know if this is possible?

That is just the way those browsers function. There is no way around that aspect.

However, what variables are you trying to hide? PHP itself cannot be seen by the client, so you wouldn't need to hide them. Do you mean the hidden input tag values? There is no way to hide those. Anyone can just view the source code for your page.

I'm trying to pass php variables through the url. The variables are used to help clarify which data will be sent to one of my database's tables.

ex:
example.com/example.php?type=1&page=2&data=231

When this page loads it redirects to another page, so it doesn't show in the main url address bar.

I'm sure people can find this in my source code if they really wanted to look, but I want to hide it or replace it somehow when the cursor hovers over the submit button, so it doesn't show in the status bar.

For url links using html you can mask the url by using:
<a href="javascript:void(0);" onclick="www.example.com">this</a>

This only shows "javascript:void(0);" in the status bar.

I was wondering if there was a way to do this with the input tags. (<input ... />)


On a side note:
I recently saw videos on youtube about SQL injection hacking and was wondering if this affects comment/guestbook forms as well. Such as the input tag for: name, email, comment...etc. It seemed like it had to deal with actual user login (name and password), but not sure if it can be done through comment forms.

As I already stated, it cannot be done. A submit button is a submit button and not a link.

For url links using html you can mask the url by using:
<a href="javascript:void(0);" onclick="www.example.com">this</a>

This only shows "javascript:void(0);" in the status bar.
I do would never advise this implementation because your links will fail if JavaScript is not enabled on the client machine.

I recently saw videos on youtube about SQL injection hacking and was wondering if this affects comment/guestbook forms as well. Such as the input tag for: name, email, comment...etc. It seemed like it had to deal with actual user login (name and password), but not sure if it can be done through comment forms.
Protection from SQL injection is always handled by the server-side code. For example, in PHP, all you need is to use the function mysql_real_escape_string() (http://us.php.net/mysql_real_escape_string). This is automatically put the correct escape slashes in so that the variables cannot be used for injection.