[thelist] CF: source of POST variables
jon steele
jjsteele22 at yahoo.com
Fri Aug 2 07:53:01 CDT 2002
Hi,
I need to know the source of the POST variables available on a certain page. I need to ensure that
my receipt script only executes if the user validly submitted a form (and not mimiced the form and
just posted the variables to the receipt script).
HTTP_REFERER is pretty unreliable for this scenario, because of its dependency on the browser.
Is there a ColdFusion variable indicating where the POST variables were, well, posted from?
This seems like a pretty common issue...is there another method I can use to acheive the same
level of security? I know one way would be to create a unique, random, identifier, store it
somewhere (db, session variables...etc?), place it in a hidden form field, and then on the receipt
page verify and disable the id. Any other more simple, elegant solutions? :)
Thank you greatly in advance.
Jon
__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com
More information about the thelist
mailing list