For security, you can modify your code so that you check
the $_POST elements instead of using the magic globals.  
That's all well and good.
However, someone copy and save your HTML to their local
machine, change some values, change the "Action" page of the 
form to be instead of 
"form_page.php".  You'll be checking the $_POST elements
but you won't have any idea that they were changed and posted
from the user's local machine.
Is there any way to determine from where the post request came
from w/o using http_referer?


PHP General Mailing List (
To unsubscribe, visit:

Reply via email to