$_POST PROBLEM
Moderator: General Moderators
$_POST PROBLEM
May i know is there any pre-defined $_POST variable that can help us to verify where the $_POST variables is send from?
Thank you.
Thank you.
- Ollie Saunders
- DevNet Master
- Posts: 3179
- Joined: Tue May 24, 2005 6:01 pm
- Location: UK
You cannot reliably acertain the origin of any request data (POST or GET).
You can add:and then do this:
BUT, before you go running off. Remember any of this data can be tampered with. Someone could very easier spoof the value of origin to whatever they wanted. In that way POST is no better than GET, only you have to go to a bit more effort to do it, and fewer people know about it; still really simple though.
You can add:
Code: Select all
<input type="hidden" name="origin" id="origin" value="add record form" />
Code: Select all
if ($_POST['origin'] == 'add record form')In addition to this....ole wrote:You cannot reliably acertain the origin of any request data (POST or GET).
You can add:and then do this:Code: Select all
<input type="hidden" name="origin" id="origin" value="add record form" />BUT, before you go running off. Remember any of this data can be tampered with. Someone could very easier spoof the value of origin to whatever they wanted. In that way POST is no better than GET, only you have to go to a bit more effort to do it, and fewer people know about it; still really simple though.Code: Select all
if ($_POST['origin'] == 'add record form')
You should not really be concerned where data comes from. You just need to validate it properly and use it accordingly.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
- Ollie Saunders
- DevNet Master
- Posts: 3179
- Joined: Tue May 24, 2005 6:01 pm
- Location: UK
You may find it easier to use sessions.Everah wrote:If it is really a concern, and you happen to use database driven content, you can always store in your database what the calling page was based on the page you are on. I do this on a couple of sites, so I always know the page the user is on and the page they came from (within my site).
Well said.jmut wrote:You should not really be concerned where data comes from. You just need to validate it properly and use it accordingly.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
I do. I database my sessions with my own session code. Page trails are maintained in my sessions table.ole wrote:You may find it easier to use sessions.Everah wrote:If it is really a concern, and you happen to use database driven content, you can always store in your database what the calling page was based on the page you are on. I do this on a couple of sites, so I always know the page the user is on and the page they came from (within my site).
- Ollie Saunders
- DevNet Master
- Posts: 3179
- Joined: Tue May 24, 2005 6:01 pm
- Location: UK
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA


