Hey J,
Great question. Presumably you're doing this to prevent users from changing
a hidden field or something and then posting the modified hidden field (like
order amount or something) to your site, effectively changing the price
they'll pay for an item (for example).
I'm sure there are a couple different ways. I really don't think there's
much you can do client side because all of that can be manipulated
(obviously) by the client. You'll have to do everything server side. I
would suggest not worrying about them changing stuff and saving the page.
let them do whatever they want. Do server side checks of all the form
fields, thus ensuring that everything they submit is on the up and up.
AJ
-----Original Message-----
From: JL [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 12, 2000 12:00 PM
To: CF-Talk
Subject: Form Question
Here is the case:
let say people can access to a form page in our site. If somebody downloads
that page to the computer and load it, how can I prevent him from posting
the
form to the our site? I don't think i can check cgi.http_referer because in
this case, it will be empty (nothing). And I don't think I can reject all
empty cgi.http_referer because of the cflocation. Any suggestion? Thanks
alot.
J
____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1
----------------------------------------------------------------------------
--
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=sts&body=sts/cf_talk or send
a message to [EMAIL PROTECTED] with 'unsubscribe' in the
body.
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
