NYCPHP Meetup

NYPHP.org

[nycphp-talk] Forms & Refresh Question & General Form Security

Wellington Fan wfan at encogent.com
Wed May 14 13:47:58 EDT 2003


absolutely. do this where it makes sense.

> -----Original Message-----
> From: Chris Shiflett [mailto:shiflett at php.net]
> Sent: Wednesday, May 14, 2003 12:23 PM
> To: NYPHP Talk
> Subject: RE: [nycphp-talk] Forms & Refresh Question & General Form
> Security
> 
> 
> --- Wellington Fan <wfan at encogent.com> wrote:
> > "page_with_form.php"
> > 
> > submits to
> > 
> > "form_processor.php"
> > 
> > which redirects to
> > 
> > "page_with_form.php?status=(success|failure)"
> 
> You do realize you're basically trusting the user with the value 
> of status,
> right? I hope you're not using that for anything important.
> 
> Chris
> 
> 
> --- Unsubscribe at http://nyphp.org/list/ ---
> 
> 
> 



More information about the talk mailing list