[nycphp-talk] Forms & Refresh Question & General Form Security
Wellington Fan
wfan at encogent.com
Wed May 14 13:47:58 EDT 2003
absolutely. do this where it makes sense.
> -----Original Message-----
> From: Chris Shiflett [mailto:shiflett at php.net]
> Sent: Wednesday, May 14, 2003 12:23 PM
> To: NYPHP Talk
> Subject: RE: [nycphp-talk] Forms & Refresh Question & General Form
> Security
>
>
> --- Wellington Fan <wfan at encogent.com> wrote:
> > "page_with_form.php"
> >
> > submits to
> >
> > "form_processor.php"
> >
> > which redirects to
> >
> > "page_with_form.php?status=(success|failure)"
>
> You do realize you're basically trusting the user with the value
> of status,
> right? I hope you're not using that for anything important.
>
> Chris
>
>
> --- Unsubscribe at http://nyphp.org/list/ ---
>
>
>
More information about the talk
mailing list