Posted by Jerry Stuckle on 10/16/85 11:54

Katash wrote:
> ***newbie_request***
>
> I have a simple program that inserts user details into a MySQL database -
> The form validation is dealt with by another program that contains the html
> form
>
> I would like to ensure no-one can create a separate form and post to my
> input program thereby bypassing my validation functions
>
> My question is :- Is there a way I check that the $_POST vars have come from
> a php file on the webserver and halt the sql input with a security warning
> if they're coming from a different source?
>
> Perhaps I'm approaching this from the wrong angle - Am I?
>
>
> TIA
>
> Dave
>
>

Not reliably. But rather, you should be validating the data server-side
just before inserting it into the database.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]