how to validate user already present

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

shuchitaumehta
Forum Newbie
Posts: 15
Joined: Tue Jul 01, 2008 2:10 am

how to validate user already present

Post by shuchitaumehta »

By using a JavaScript variable, when I view the source of the HTML page I can see the whole DB values in the JavaScript variable.

If I store it in a cookie I can also see this.

Please let me know how to avoid this.

Thank you.
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: how to validate user already present

Post by jaoudestudios »

Use PHP instead of JavaScript. As it is server side, no variables are displayed to the browser unless you echo them.

If you want to check if a user has already logged in from page to page then use a PHP session variable; as it is global it is carried from page to page.
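
The server-side check described in the reply above, as an added example that is not part of the original thread. The `users` table, its `username` column, the sample rows and the function names are constructed for illustration, and an in-memory SQLite database stands in for the real one:

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table stands in for the real DB.
function demoDatabase(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY COLLATE NOCASE)');
    $pdo->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");
    return $pdo;
}

// The lookup runs on the server; the list of usernames never leaves it.
// A prepared statement keeps the submitted value out of the SQL text.
function usernameTaken(PDO $pdo, string $username): bool
{
    $stmt = $pdo->prepare('SELECT 1 FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchColumn() !== false;
}

// Handle the submitted form field; the return value is the only text echoed.
function handleCheck(PDO $pdo, array $post): string
{
    $raw = $post['username'] ?? null;
    $username = is_string($raw) ? trim($raw) : '';
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $username)) {
        return 'Invalid username.';
    }
    return usernameTaken($pdo, $username)
        ? 'That username is already taken.'
        : 'That username is available.';
}

// Constructed inputs, including one that would break a string-built query.
$pdo = demoDatabase();
foreach (['alice', 'Bob', 'carol', "x' OR '1'='1"] as $candidate) {
    echo htmlspecialchars($candidate, ENT_QUOTES, 'UTF-8'), ' => ',
         handleCheck($pdo, ['username' => $candidate]), PHP_EOL;
}
```
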
shuchitaumehta
Forum Newbie
Posts: 15
Joined: Tue Jul 01, 2008 2:10 am

Re: how to validate user already present

Post by shuchitaumehta »

jaoudestudios wrote: Use PHP instead of JavaScript. As it is server side, no variables are displayed to the browser unless you echo them.

If you want to check if a user has already logged in from page to page then use a PHP session variable; as it is global it is carried from page to page.

Thank you for the reply.

But if I use the PHP POST/GET method then I have to go with all the elements in the form, and while returning I have to put them.
My form contains too many elements.

Also, if I use POST and reload the page I get the message
"The page you are trying to view contains POSTDATA..... with ok & cancel button"
I don't want this message.
To the end user it seems like an error.
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: how to validate user already present

Post by jaoudestudios »

Yes, it will question if the browser should resend the data if you are using POST vars; use the GET method to avoid this.