RE: Is it really POST?

Mon, 09 Jul 2001 08:33:50 -0700 

-----Original Message-----
From: Michael Lugassy [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 08, 2001 2:40 PM
To: CF-Talk
Subject: Is it really POST?


How can I check if the .cfm file was submitted using POST and not GET?
(I'm trying to prevent, as possible, people to submit the params using URL and not 
form fields).

Thanks,

Michael Lugassy


----

Well this was interesting when I tested it.  I made two pages:

<!--- testform.cfm --->

<form name="newform" action="testform_action.cfm" method="get">

Test Form:<br>
<input type="text" name="test1" value="">

<input type="hidden" name="hidden1" value="yep, I'm hidden!">

<input type="submit" name="submitbutton" value="click to gooooo">

</form>



<!--- testform_action.cfm --->

<cfif IsStruct(form)>

FORM is defined.

<br><br>
<cfloop collection="#form#" item="thisvar">
        <cfoutput>#thisvar#<br></cfoutput>
</cfloop>

<cfelse>

FORM is not defined.

</cfif>


Now, if you run the first page and submit it, whether you keep the FORM method as GET 
or change it to POST, the IsStruct() function will tell you that FORM is indeed a 
structure.  This first led me to believe that even though the form was submitted by 
GET, CF still knew a form had been submitted.  Now, even though I didn't check (bad), 
I surmise that the called page doesn't know a form has been submitted when 
method="GET" because if you run the second page on it's own, FORM is STILL a 
structure.  I might be wrong about that, but I still have a solution that I think will 
work for you.  Since the FORM structure exists on every page, and is empty on some, if 
you change the IsStruct() function to the StructIsEmpty() one, you will be able to 
tell if a form was submitted by GET and not post.

I figured this was a good alternative method since HTTP headers can be faked.


-Andy


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Reply via email to