How are you "calling thankyou.php"?
1. are you -redirecting- the user to that file?
--or--
2. are you -including- that file into register.php upon a successful
submission?
The method you're using determines how you best secure thankyou.php
from direct access.
If you're redirecting, then
i have a registration page called register.php if the data entered is
validated correctly i call a file called thankyou.php or else validate.php
presently a user after seeing the url website.com/thankyou.php if they enter
the url directly in the browser as website.com/thankyou.php they can acces
2 matches
Mail list logo
