- Magic quotes? Should I still be cautious?
Re: Magic quotes? Should I still be cautious?
I know what page(s) can legitimately access the page in question.
Operations which change the database can only be accessed via POST
operations, for instance. Accessing them via GET will not do anything.
But then my pages process the data entered, also. For instance, if
someone wants to log in, they can access the page via GET, in which case
the page will only be displayed. When they enter their userid and
password, the form's action directs to the same page as a POST. When the
POST operation comes in (and only then), the userid and password are
validated, and if correct, redirect to the next page via a header() call.
And no, I do NOT want these values to come in via a cookie or a GET request.
Remove the "x" from my email address
JDS Computer Training Corp.
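
The GET-displays / POST-validates flow described in the post above, as an added PHP example that is not the poster's code. The user store, `handle_login()` and the `/members.php` redirect target are constructed for illustration.

```php
<?php
declare(strict_types=1);

const NEXT_PAGE = '/members.php'; // hypothetical redirect target

// Constructed sample account; a real site would load the hash from its database.
function user_store(): array
{
    static $users = null;
    if ($users === null) {
        $users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    }
    return $users;
}

// Decide what the login page does for one request: show the form or redirect.
function handle_login(string $method, array $post): array
{
    // GET (or anything that is not POST) only displays the form.
    if ($method !== 'POST') {
        return ['action' => 'form', 'error' => null];
    }
    // Credentials come from the POST body only: never $_GET, $_COOKIE or $_REQUEST.
    $userid   = $post['userid']   ?? null;
    $password = $post['password'] ?? null;
    if (!is_string($userid) || !is_string($password)) {
        return ['action' => 'form', 'error' => 'Missing userid or password.'];
    }
    $hash = user_store()[$userid] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return ['action' => 'form', 'error' => 'Invalid userid or password.'];
    }
    return ['action' => 'redirect', 'error' => null];
}

// Page entry point (skipped when the file is run from the command line).
if (PHP_SAPI !== 'cli') {
    $result = handle_login($_SERVER['REQUEST_METHOD'], $_POST);
    if ($result['action'] === 'redirect') {
        session_start();
        session_regenerate_id(true); // fresh session id after authentication
        $_SESSION['userid'] = $_POST['userid'];
        header('Location: ' . NEXT_PAGE);
        exit; // nothing else may run after the redirect header
    }
    // No action attribute: the form posts back to this same page.
    $error = htmlspecialchars((string) $result['error'], ENT_QUOTES, 'UTF-8');
    echo "<p>$error</p><form method=\"post\">"
       . '<input name="userid"><input type="password" name="password">'
       . '<button>Log in</button></form>';
}
```

Because `handle_login()` receives only `$_POST`, a `userid` or `password` supplied in the query string or a cookie is never looked at, and the `is_string()` checks reject array-valued fields such as `userid[]=x`.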