I was reviewing ur post, and thinking u might talk about a pretty common application like in a sequence of order form u want first the billing data then the shipping data. for both u need just the same form u then process on script3.
in such a case it doesn't matter if u use hidden fields or url parameter, GET or POST to run different code for each form data in sript 3 neither can I see a security issue here. u processing only the variables u defined. and what does it matter if you have an hidden field like stepp=1 or stepp=2 and a bored user put just for fun stepp=99 to piek ur ass. just take care in ur code for it and display something (e.g. "hang on , big brother is watching u") this is good practice and common all over. any PHPer got his own way to do it, and I think u r in the process to find urs. just try what u like best. if you have a real security issue come back with more details about the SECURITY issue and I m shure the group will have a good brainstorm going again. have fun ralph_def...@yahoo.de "nashrul" <anas_a...@yahoo.com> wrote in message news:25003587.p...@talk.nabble.com... > > This is a newbie question... > Let's say there are 3 php files, page1.php, page2.php and page3.php. Form > submission from page1.php or page2.php will take user to page3.php. > I know that we can use parameter that is appended in the action attribute of > the form (e.g <FORM METHOD=POST ACTION="tes.php?var1=val1">) > But I think, appending this parameter is transparent to the user, since it's > visible in the url. > And I think we can also use the hidden field or (form name ??.). > So which one is most secured and better ?? > Thanks.. > -- > View this message in context: http://www.nabble.com/is-there-a-better-way-to-know-from-which-php-file-the-request-comes-from----tp25003587p25003587.html > Sent from the PHP - General mailing list archive at Nabble.com. > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
