> Don't bother with checking the HTTP_REFERER - it can be easily forged.
> There is a very simple solution to this problem -- validate the data from
> the form!
[snip] 
> You should be doing this anyway, since who knows what the user could 
> type in your input box. Never mind if somebody makes a copy of your
> form. Never never never trust the client.

I'm already doing this.  However, if I have a hidden variable containing
a value of the current user I'm working with, that value can be changed
to something else and it would pass the test.  However, I need to find a
way to determine if something like that has happened.  That's where my
description of what I was thinking of doing came from.

Chris
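
One way to detect the change Chris describes, shown as an added example that is not part of the original thread: the server emits a keyed MAC next to the hidden value and rejects any POST where the two no longer match. The field names `user_id` and `user_id_sig`, the session identifier and the key handling are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a secret that never leaves the server (load it from config in practice).
SERVER_KEY = secrets.token_bytes(32)


def sign_hidden_field(name, value, session_id, key=SERVER_KEY):
    """Return the tag to emit in a second hidden field beside `value`."""
    parts = (session_id.encode("utf-8"), name.encode("utf-8"), value.encode("utf-8"))
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_hidden_field(name, value, tag, session_id, key=SERVER_KEY):
    """True only if `value` is what the server issued for this session."""
    expected = sign_hidden_field(name, value, session_id, key)
    # Compare as bytes: constant-time, and a non-ASCII tag cannot raise TypeError.
    return hmac.compare_digest(expected.encode("ascii"), tag.encode("utf-8"))


def handle_post(form, session_id):
    """Return the user id to act on, or None if the hidden field was altered."""
    user_id = form.get("user_id", "")
    tag = form.get("user_id_sig", "")
    if not verify_hidden_field("user_id", user_id, tag, session_id):
        return None  # log and reject: the value is not the one the server sent
    return user_id


if __name__ == "__main__":
    sid = "sess-A"  # constructed sample session id
    sig = sign_hidden_field("user_id", "42", sid)
    print(handle_post({"user_id": "42", "user_id_sig": sig}, sid))  # untouched form
    print(handle_post({"user_id": "43", "user_id_sig": sig}, sid))  # edited value
```

Binding the tag to the session keeps a valid pair copied from one session from being accepted in another. When the value does not need to travel through the browser at all, keeping it in server-side session state avoids the problem entirely.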
