Page 1 of 1

Hiding the action on a page when the source is viewed?

Posted: Mon Mar 08, 2004 11:33 am
by trantron
The problem is that I have a form to collect basic info from the user like name and email etc. If one views the source code the action is visible, so along with that the name of the next php file can easily be identified. This php file is where the information is sent to the database.

This weekend somebody went on the site and by passed the validated form that collects the information and just went straight to the php file resulting in empty files being sent to the database. They did this repeatedly.

How can I prevent people from seeing or accessing that php file?

Thanks in advanced

Posted: Mon Mar 08, 2004 11:37 am
by liljester
revalidate the data before you put it into the db... you should always check data before you put it into the db.

Posted: Mon Mar 08, 2004 2:49 pm
by pickle
Agreed - the data should always be validated. Also, use POST instead of GET (which I think you're using).