On 8/17/09 5:17 AM, "nashrul" <anas_a...@yahoo.com> wrote:

> This is a newbie question...
> Let's say there are 3 php files, page1.php, page2.php and page3.php. Form
> submission from page1.php or page2.php will take user to page3.php.
> I know that we can use parameter that is appended in the action attribute of
> the form (e.g <FORM METHOD=POST ACTION="tes.php?var1=val1">)
> But I think, appending this parameter is transparent to the user, since it's
> visible in the url.
> And I think we can also use the hidden field or (form name ??.).
> So which one is most secured and better ??

i'm not in love with using the form POST method combined with an action url
that includes pseudo-GET parameters.

for POST forms, i use a convention of always having a hidden input in the
form to indicate which form sent the query, e.g.

<input type="hidden" name="whichform" value="foobarform">

this also comes in handy if one server script processes more than one form.

as for security, there's little difference between this method, using GET
values, using HTTP_REFERER, or what have you. protection against spoofing
lies not in these choices.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to