On 8/17/09 5:24 AM, "Ashley Sheridan" <a...@ashleysheridan.co.uk> wrote:

> On Mon, 2009-08-17 at 02:17 -0700, nashrul wrote:
>> This is a newbie question...
>> Let's say there are 3 php files, page1.php, page2.php and page3.php. Form
>> submission from page1.php or page2.php will take user to page3.php.
>> I know that we can use parameter that is appended in the action attribute of
>> the form (e.g <FORM METHOD=POST ACTION="tes.php?var1=val1">)
>> But I think, appending this parameter is transparent to the user, since it's
>> visible in the url.
>> And I think we can also use the hidden field or (form name ??.).
>> So which one is most secured and better ??
>> Thanks..
>> -- 
>> View this message in context:
>> http://www.nabble.com/is-there-a-better-way-to-know-from-which-php-file-the-r
>> equest-comes-from----tp25003587p25003587.html
>> Sent from the PHP - General mailing list archive at Nabble.com.
> Neither GET or POST is more secure, it's just that POST requires a tiny
> bit more work to see what's being sent. You can use the
> $_SERVER['HTTP_REFERER'] variable to detect where a request has come
> from. The documentation for this particular variable mentions that it
> can't be trusted, as it can be changed by the client browser, but then,
> so can hidden form fields, etc. Personally, I'd go with the HTTP_REFERER
> route, because it is completely transparent, and the majority of users
> aren't going to bother changing it.

your probably right. though i remember when i considered using HTTP_REFERER.
i looked up the http rfc and it said that use of the header was optional.
that made sense. so i decided not to make any of app functionality depend on

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to