On Mon, 2009-08-17 at 02:17 -0700, nashrul wrote:
> This is a newbie question...
> Let's say there are 3 php files, page1.php, page2.php and page3.php. Form
> submission from page1.php or page2.php will take user to page3.php.
> I know that we can use parameter that is appended in the action attribute of
> the form (e.g <FORM METHOD=POST ACTION="tes.php?var1=val1">)
> But I think, appending this parameter is transparent to the user, since it's
> visible in the url.
> And I think we can also use the hidden field or (form name ??.).
> So which one is most secured and better ??
> Thanks..
> -- 
> View this message in context: 
> http://www.nabble.com/is-there-a-better-way-to-know-from-which-php-file-the-request-comes-from----tp25003587p25003587.html
> Sent from the PHP - General mailing list archive at Nabble.com.
Neither GET or POST is more secure, it's just that POST requires a tiny
bit more work to see what's being sent. You can use the
$_SERVER['HTTP_REFERER'] variable to detect where a request has come
from. The documentation for this particular variable mentions that it
can't be trusted, as it can be changed by the client browser, but then,
so can hidden form fields, etc. Personally, I'd go with the HTTP_REFERER
route, because it is completely transparent, and the majority of users
aren't going to bother changing it.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to