Hi!
I wanted to know is is there a way to configure PHP to make it not be affected when the web user tamper with the values in the post string after a webpage is submitted or something. (Further explanation below)
I noticed when I use the hidden html input tag with hidden data in it then when I click the submit button to submit the webpage, the hidden data then show up in the URL address. Fine, no problem. But I noticed one problem, I can changed the value in the URL toolbar of the web-browser and get different result on the webpage. I know it is where $_REQUEST[], $_GET, etc. come into play. So, is there a way to keep that $_REQUEST[], $_GET[] data unchanged? Does this require the php.ini configuration or what?
I think when you change the FORM tag by adding
method="POST"
to it is so the form data are send as POST instead of GET. IN the next page you will then find the form element values in the $_POST array.
It takes a lot more of users to tamper with POST data than with GET data. However you can never trust anything coming over the net and there are ways to fake POST data.
In the post-form page check whether the referer is from your own site, that will also make it a lot harder.
And try to use methods where it does not help the hacker to try to fool you, check their identity on every page.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
