Re: Multi Page Form

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Not sure if I posted about this yesterday, anyway new
> question.
> I'm building a multi page form.  So I"m using hidden
> fields and echoing them to the next page in the loop.
> 
> Now someone tells me this is dangerous.
> "because someone can save the final page (with most
> of the hidden values) locally, edit it, then load it
> and submit from it to your final page, overcoming ALL
> your previous validations. (yes, this is possible
> for someone that knows how to ditch the HTTP_REFERRER
> information)"
> 
> So, a) guess  I'd like to see if this is true.  I
> thought HTTP_REFERRER was the server variable for
> grabbing everything before the script.  Aside from
> that there is nothing in the URL.
> 
> I see these forms quite a bit.  What do people think ?

just use sessions instead of hidden fields
http://us4.php.net/session

dont use HTTP_REFERER for anything.  It can and is not sent many times
and is also not reliable.

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux