--- Patrik Fomin <[EMAIL PROTECTED]> wrote: > i got a page that i devided up into 3 diffrent pages, > to call i use <form method="post"><input type="hidden" name="step" > value="1"> > or 2-3, but i found out that you can just write the url: > mypage.php?step=1 to get to step one, is there anyway to get rid of > that possibility
Yes, you can use $_POST['step']. However, this is just as easy to spoof, so you're not really eliminating the problem, just a symptom. Having the client identify what step it is on seems fundamentally flawed to me. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming mid-2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
