I forwarded this to the Devs and will be checked but I don't think we use PHP at all.
Whatever scripting language you have used, you need to ensure that when you are submitting a form you should ensure that data are not using a public post method.
$_POST['variable_name'];
?>
This ensures that data are not visible in the URL
$_GET['variable_name'];
?>
This means data are visible in the URL.
Now depending on the language you are using you should have similar methods. Use the one which is not visible for in the URL. This is secure.
You do not want someone else reads the sensitive data except the database of the application.
Good luck guys.
By the way, are you using ASPX?