[Keylogger]

I need to block people from typing "main.php?form=1" or "main.php?form=2", however I will use this.
I mean, I will use "main.php?form=1" etc, but if people instead of writing in the URL "main.php" write main.php?form=1, I need to prevent a message to appear.

Because, my form calls method="main_xpto.php", and when the "main_xpto.php" do the job, it will redirect to the main.php?form=1 or 2 and it will appear a message. So, if people insert in the URL "main.php?form=1", it will appear the message even if they didn't submit the form.

Any ideas??

[JackOfAllTrades]

PHP can't stop people from typing anything into the address bar.

[macosxnerd101]

Try relying on hidden inputs and $_POST values instead of $_GET values.

[Keylogger]

macosxnerd101, on 29 July 2012 - 05:18 PM, said:

Try relying on hidden inputs and $_POST values instead of $_GET values.

The only $_GET I use is for get the url.

Do you guys have any idea how to do it in other way? What I need is: enter main.php » submit the form » read main_xpto.php » back to main » present a message in the main.

I tried to put the message in the main_xpto.php, but I need to redirect, and I use:

echo "<script type='text/javascript'>window.location='main.php?id=0'</script>";

So the message won't appear. Any suggestions?

This post has been edited by Keylogger: 29 July 2012 - 05:53 PM

[JackOfAllTrades]

Save a message in the SESSION in the main_xpto.php script. Add a div to main that prints the content of that message.

[Keylogger]

Perfect men. Great solution. Solved, thanks!!