Hiding the action on a page when the source is viewed?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
trantron
Forum Newbie
Posts: 5
Joined: Thu Feb 12, 2004 10:36 am

Hiding the action on a page when the source is viewed?

Post by trantron »

The problem is that I have a form to collect basic info from the user like name and email etc. If one views the source code the action is visible, so along with that the name of the next php file can easily be identified. This php file is where the information is sent to the database.

This weekend somebody went on the site and by passed the validated form that collects the information and just went straight to the php file resulting in empty files being sent to the database. They did this repeatedly.

How can I prevent people from seeing or accessing that php file?

Thanks in advanced
User avatar
liljester
Forum Contributor
Posts: 400
Joined: Tue May 20, 2003 4:49 pm

Post by liljester »

revalidate the data before you put it into the db... you should always check data before you put it into the db.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

Agreed - the data should always be validated. Also, use POST instead of GET (which I think you're using).
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Post Reply