> Not sure if I posted about this yesterday, anyway new
> question.
> I'm building a multi page form.  So I"m using hidden
> fields and echoing them to the next page in the loop.
> Now someone tells me this is dangerous.
> "because someone can save the final page (with most
> of the hidden values) locally, edit it, then load it
> and submit from it to your final page, overcoming ALL
> your previous validations. (yes, this is possible
> for someone that knows how to ditch the HTTP_REFERRER
> information)"
> So, a) guess  I'd like to see if this is true.  I
> thought HTTP_REFERRER was the server variable for
> grabbing everything before the script.  Aside from
> that there is nothing in the URL.
> I see these forms quite a bit.  What do people think ?

just use sessions instead of hidden fields

dont use HTTP_REFERER for anything.  It can and is not sent many times
and is also not reliable.

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to