Re: [PHP] Is there a way to protect PHP's $_POST, $_GET whenuser tamper with post string in URL toolbox???

At 18:43 7-1-04, you wrote:
>Hi!
>
> I wanted to know is is there a way to configure PHP to make it not be
>affected when the web user tamper with the values in the post string after a
>webpage is submitted or something. (Further explanation below)
>
> I noticed when I use the hidden html input tag with hidden data in it
>then when I click the submit button to submit the webpage, the hidden data
>then show up in the URL address. Fine, no problem. But I noticed one
>problem, I can changed the value in the URL toolbar of the web-browser and
>get different result on the webpage. I know it is where $_REQUEST[],
>$_GET, etc. come into play. So, is there a way to keep that $_REQUEST[],
>$_GET[] data unchanged? Does this require the php.ini configuration or
>what?

I think when you change the FORM tag by adding
method="POST"
to it is so the form data are send as POST instead of GET. IN the next page
you will then find the form element values in the $_POST array.

It takes a lot more of users to tamper with POST data than with GET data.
However you can never trust anything coming over the net and there are ways
to fake POST data.
In the post-form page check whether the referer is from your own site, that
will also make it a lot harder.

And try to use methods where it does not help the hacker to try to fool
you, check their identity on every page.