Hi Scott,
You've discovered one of the basic tenets of form security on the web :)
It is crucial that you never trust input from ANY outside source. This
means you should do a couple of things:
1) limit the possible input values
2) validate the data type. If you expect a number, use is_numer
When the page is submitted, set your session vars, then redirect to the
next page.
Or you can set the session vars before you do any other processing.
Scott Fletcher wrote:
Will check into whether I used the post method correctly.
Speaking of session, I don't see how it can be done to put the data into the
session after the user clicks the submit button before going over to the next
webpage.
FletchSOD
"Scott Fletcher" <[EMAIL PROTECTED]> wrote in message
news:[EM
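
The validate, store in the session, then redirect flow described in the reply above, as an added example that is not part of the original thread. The field names (`plan`, `quantity`), the allowed values and the target `next.php` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list for a <select name="plan"> field.
const ALLOWED_PLANS = ['basic', 'standard', 'premium'];

/**
 * Validate raw form input.
 * Returns [clean values, names of rejected fields].
 */
function validate_form(array $input): array
{
    $clean = [];
    $errors = [];

    // 1) Limit the possible values: accept only entries on the allow-list.
    //    The strict comparison also rejects arrays such as plan[]=x.
    $plan = $input['plan'] ?? null;
    if (is_string($plan) && in_array($plan, ALLOWED_PLANS, true)) {
        $clean['plan'] = $plan;
    } else {
        $errors[] = 'plan';
    }

    // 2) Validate the data type: an integer inside an expected range.
    //    filter_var() returns false for missing, non-numeric or array input.
    $qty = filter_var($input['quantity'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99]]);
    if ($qty !== false) {
        $clean['quantity'] = $qty;
    } else {
        $errors[] = 'quantity';
    }

    return [$clean, $errors];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    [$clean, $errors] = validate_form($_POST);
    if ($errors === []) {
        // Only validated values reach the session, set before any output.
        $_SESSION['order'] = $clean;
        header('Location: next.php', true, 303); // redirect to the next page
        exit;
    }
    // Reject the submission and name the fields that failed validation.
    http_response_code(422);
    echo 'Invalid fields: ' . htmlspecialchars(implode(', ', $errors), ENT_QUOTES, 'UTF-8');
}
```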