why don't you check to see is a variable was passed to the page. If you use the post
method then a hidden field can be used o check that the user did come from the
application page.
a sample of the check will be
if(!$var_from_previous_page)
{
header("location: application.php");
}
--
On Thu,
not all browsers support the referrer or some people use software to block
that,
so that method is unreliable... the only way to do this is with a token.
that is time
sensitive from the database, even then there is no method that is hackproof.
Rick
At 03:41 PM 3/22/01 +, Jon Haworth wrote
> > You could have a check for the HTTP_REFERER variable, if it doesn't
> > contain "application.php", chances are they didn't come from that page.
> it's not a good idea to rely on $HTTP_REFERER for anything, and especially
> for this. a referer is only reported when the user follows a hyperlin
A common way is to add a check for the pressing of the submit button, so
assuming :
if ( isset($submit) ) {
// process form
} else {
echo 'oh dear, you did not use form.';
}
I usually use a hidden field instead as at times the submit button can be
"skipped" as the user presse
You could have a check for the HTTP_REFERER variable, if it doesn't contain
"application.php", chances are they didn't come from that page.
There might be a neater way to do it, but I don't know it :-)
HTH
Jon
-Original Message-
From: Good Fella [mailto:[EMAIL PROTECTED]]
Sent: 22 Marc
5 matches
Mail list logo
