[nycphp-talk] Forms & Refresh Question & General Form Security
Chris Shiflett
shiflett at php.net
Wed May 14 12:23:14 EDT 2003
--- Wellington Fan <wfan at encogent.com> wrote:
> "page_with_form.php"
>
> submits to
>
> "form_processor.php"
>
> which redirects to
>
> "page_with_form.php?status=(success|failure)"
You do realize you're basically trusting the user with the value of status,
right? I hope you're not using that for anything important.
Chris
More information about the talk
mailing list
Automatic Email Organization without missing anything!