I suppose I don't understand why you'd care if the variable came from a form field as opposed to a URL variable. Either way you're going to have to make sure the user is an admin and they they have the rights to delete something.
On 10/14/07, Matt Quackenbush <[EMAIL PROTECTED]> wrote: > > Okay, so you pick a framework - just about any framework; Fusebox, > ColdBox, > mach-ii, Model-Glue. These frameworks fold the form (post) and URL (get) > variables into an event object (or attributes in the case of traditional > FB > apps). But let's say that you want to be sure that the variable came from > a > post - for instance deleting something in an admin panel. > > How do you guys (and girls) verify that it's a post var? > > > Thanks, > > Matt > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Enterprise web applications, build robust, secure scalable apps today - Try it now ColdFusion Today ColdFusion 8 beta - Build next generation apps Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:291061 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
