In my application, I used to directly pass the form variables to another website. Then I found that form variables posted are not secure, as they can be intercepted and modified.(especially in payment functions where form.amount could be modified to 0) The variable values are secure when using cfhttp to do a form post.
>Oh, and thanks for the feedback and explanation, Dave! > >Rick > >cfhttpparam values > > >> So, how does the cfhttpparam above get the #form.fname# value? Does I use >> a regular HTML form and submit the values to another page that receives >> and posts them via cfhttp? (If that's true, then I'll now understand how >> the value of a select formfield gets into a cfhttpparam...) > >I think you're overthinking this. CFHTTP and CFHTTPPARAM are just like >any other CFML tags. You can use them wherever you want to, but they >execute on the server, and have access to whatever variables your >program happens to have. If you want the user to fill out a form, then >you want to send the form data to another web site, you'd put CFHTTP >and CFHTTPPARAM in your action page - just like you'd put CFQUERY in >your action page if you wanted to create or update a database record >based on form data provided by a user. > >Dave Watts, CTO, Fig Leaf Software >http://www.figleaf.com/ >http://training.figleaf.com/ > >Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on >GSA Schedule, and provides the highest caliber vendor-authorized >instruction at our training centers, online, or onsite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352515 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
