How should you do it?, i mean i have 3 pages with some forms on two of em First page = some general information to fill in Second page = more deep information and last page to confirm and store in the database. All pages i got is in one single php file to be able to move between them, eg if they dident fill in the correct info on the first page i can just redirect them to then first page function. Step is just the name of a variable, maby it was a bad name?
What methods is there to do this? sessions? regards Patrick "Chris Shiflett" <[EMAIL PROTECTED]> skrev i meddelandet news:[EMAIL PROTECTED] > --- Patrik Fomin <[EMAIL PROTECTED]> wrote: > > i got a page that i devided up into 3 diffrent pages, > > to call i use <form method="post"><input type="hidden" name="step" > > value="1"> > > or 2-3, but i found out that you can just write the url: > > mypage.php?step=1 to get to step one, is there anyway to get rid of > > that possibility > > Yes, you can use $_POST['step']. However, this is just as easy to spoof, > so you're not really eliminating the problem, just a symptom. Having the > client identify what step it is on seems fundamentally flawed to me. > > Hope that helps. > > Chris > > ===== > Chris Shiflett - http://shiflett.org/ > > PHP Security - O'Reilly > Coming mid-2004 > HTTP Developer's Handbook - Sams > http://httphandbook.org/ > PHP Community Site > http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
