On 8/17/09 5:17 AM, "nashrul" <anas_a...@yahoo.com> wrote: > This is a newbie question... > Let's say there are 3 php files, page1.php, page2.php and page3.php. Form > submission from page1.php or page2.php will take user to page3.php. > I know that we can use parameter that is appended in the action attribute of > the form (e.g <FORM METHOD=POST ACTION="tes.php?var1=val1">) > But I think, appending this parameter is transparent to the user, since it's > visible in the url. > And I think we can also use the hidden field or (form name ??.). > So which one is most secured and better ??
i'm not in love with using the form POST method combined with an action url that includes pseudo-GET parameters. for POST forms, i use a convention of always having a hidden input in the form to indicate which form sent the query, e.g. <input type="hidden" name="whichform" value="foobarform"> this also comes in handy if one server script processes more than one form. as for security, there's little difference between this method, using GET values, using HTTP_REFERER, or what have you. protection against spoofing lies not in these choices. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
