Posted by nescio on 05/14/06 17:54

i changed the request to post and now i got rid of the phpsessid.
the only 'useless' one that is left is 'submit' , but that is no problem


> People can post to your script without
> using the form though, so you can't really trust what is posted. Also, if
> you''d change the location or surrounding code of the script it could
break.

the form is not availible to everyone, only a few people.


> Several solutions come to mind, for instance naming hidden inputs
"field[]",
> and store the fieldnames in there, but that still relies on the
> post-variables. As you're already using a session, why not add an array
with
> the fields to use there?
>
> You can then just:
> foreach($_SESSION['fields'] as $fieldname){
> //do stuff with $_POST[$fieldname]
> }
> And leave the rest of the $_POST variables alone?

yes, that can be a solution, but then i have to change a lot,
that means, a lot of extra work.

but when it has to be done, it has to be done.......tomorrow



thanks for your help and advice.

• Next in forum: Re: |OT| Speed Bumps
• Prev in forum: Re: form - request question
• Thread view: Re: form - request question

[Reply to this message]