Re: is there a better way to know from which php file the request comes from ??

On 8/17/09 5:24 AM, "Ashley Sheridan" <ash@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Mon, 2009-08-17 at 02:17 -0700, nashrul wrote:
>> This is a newbie question...
>> Let's say there are 3 php files, page1.php, page2.php and page3.php. Form
>> submission from page1.php or page2.php will take user to page3.php.
>> I know that we can use parameter that is appended in the action attribute of
>> the form (e.g <FORM METHOD=POST ACTION="tes.php?var1=val1">)
>> But I think, appending this parameter is transparent to the user, since it's
>> visible in the url.
>> And I think we can also use the hidden field or (form name ??.).
>> So which one is most secure and better ??
>> Thanks..
>> -- 
>> View this message in context:
>> http://www.nabble.com/is-there-a-better-way-to-know-from-which-php-file-the-request-comes-from----tp25003587p25003587.html
>> Sent from the PHP - General mailing list archive at Nabble.com.
>> 
>> 
> Neither GET nor POST is more secure, it's just that POST requires a tiny
> bit more work to see what's being sent. You can use the
> $_SERVER['HTTP_REFERER'] variable to detect where a request has come
> from. The documentation for this particular variable mentions that it
> can't be trusted, as it can be changed by the client browser, but then,
> so can hidden form fields, etc. Personally, I'd go with the HTTP_REFERER
> route, because it is completely transparent, and the majority of users
> aren't going to bother changing it.

You're probably right. Though I remember when I considered using HTTP_REFERER.
I looked up the HTTP RFC and it said that use of the header was optional.
That made sense. So I decided not to make any of the app's functionality depend on
it.



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
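
The trade-off discussed in this thread, as an added example that is not part of the original posts: page3.php accepts the hidden-field origin only when it is on an allowlist and carries a server-issued HMAC, and it treats the optional Referer header purely as a logging hint. This goes beyond the thread by signing the hidden field; `ORIGINS`, `origin_token()`, `resolve_origin()` and the field names are hypothetical.

```php
<?php
// Added example; ORIGINS, origin_token() and resolve_origin() are hypothetical names.
const ORIGINS = ['page1', 'page2'];          // pages allowed to post to page3.php

// page1.php / page2.php: emit this next to <input type="hidden" name="origin">.
function origin_token(string $page, string $sessionKey): string
{
    return hash_hmac('sha256', $page, $sessionKey);
}

// page3.php: 'origin' is set only when the signed hidden field verifies;
// 'referer_hint' is for logging and never decides anything.
function resolve_origin(array $post, array $server, string $sessionKey): array
{
    $claimed = $post['origin'] ?? '';
    $token   = $post['origin_token'] ?? '';
    $origin  = null;
    if (is_string($claimed) && is_string($token)
        && in_array($claimed, ORIGINS, true)
        && hash_equals(origin_token($claimed, $sessionKey), $token)) {
        $origin = $claimed;
    }

    // The Referer header is optional, so its absence is not an error.
    $path = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_PATH);
    $hint = is_string($path) ? basename($path, '.php') : null;
    if (!in_array($hint, ORIGINS, true)) {
        $hint = null;
    }
    return ['origin' => $origin, 'referer_hint' => $hint];
}

// Constructed inputs; in a real application the key would live in $_SESSION.
$key  = random_bytes(32);
$good = ['origin' => 'page1', 'origin_token' => origin_token('page1', $key)];
$bad  = ['origin' => 'page2', 'origin_token' => origin_token('page1', $key)];

var_dump(resolve_origin($good, ['HTTP_REFERER' => 'http://example.test/page1.php'], $key));
var_dump(resolve_origin($good, [], $key));   // no Referer header sent
var_dump(resolve_origin($bad, [], $key));    // hidden field edited by the client
```

A verified token shows only that the server rendered that form in this session; a user who loaded both pages holds a valid token for each.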

