> > Is there any way to determine from where the post request came
> > from w/o using http_referer?
> No, nor with it.
I know that http_referer is unviable, that's why I asked if you can find
out that data w/o using it.
> Someone who wants to mess with you can supply any HTTP
> referer they want to (using something like 'curl -e' or just creating the
> request by hand in a text editor).
> You can never assume that submitted data is benign or untampered.
Ok, then how do you go about checking to make sure that submitted
data is, in fact, benign and acceptable for your use?
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php