Not sure if I posted about this yesterday, anyway new
I'm building a multi page form. So I"m using hidden
fields and echoing them to the next page in the loop.
Now someone tells me this is dangerous.
"because someone can save the final page (with most
of the hidden values) locally, edit it, then load it
and submit from it to your final page, overcoming ALL
your previous validations. (yes, this is possible
for someone that knows how to ditch the HTTP_REFERRER
So, a) guess I'd like to see if this is true. I
thought HTTP_REFERRER was the server variable for
grabbing everything before the script. Aside from
that there is nothing in the URL.
I see these forms quite a bit. What do people think ?
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php