Identifying form that submitted

Status
Not open for further replies.

csteinhilber

Programmer
Aug 2, 2002
1,291
US
Anyone know of a way to identify the FORM that submitted data to the current template?

HTTP_REFERER doesn't do it.

I'm trying to get the action page to process ONLY when it's posted to by a specific form.
-Carl
 
hidden form field carrying something to identify which form it was

spoofable, but it works


rudy
 
The key is spoofable.

I was looking for something a little more bullet-proof.

Seems like a receiving web page should be told what form was posting to it in some header or another. But it doesn't look like it :-/


-Carl
 
You can add a token to the URL, like action="template.cfm?formname=thisform".

or the question flew over my head?

-jason
 
That's even more spoofable than a form field, unfortunately.
-Carl
 
are the several forms all on the same page? put them on different pages, then http_referer will work ;o)

 
No... it's just one form. Well... actually... it's not even a form, truly. I'm posting to the receiving page using CFHTTP.

But the receiving page is on a different server... and for some reason, the referrer is set as the root of that server. Not quite sure why that would be the case, but it's consistent... so I doubt it's something that I have control over.


-Carl
 
I call my form action pages from the same form page. All validation is done by a custom tag I wrote. If the form validates, the action page is included. I set a boolean variable: VARIABLES.FormVerified. I then cfparam it on the included action page; if it's false, the action page redirects to wherever I choose; if it's true, the page processes. Either way, no one can spoof the action page directly. Even if they spoof the form, validation is used just as if the form was processed normally.

The only way to run the action page directly is if you hack into the server and remove the boolean variable check!

-Tek
 
But, as I said, the form I'm submitting to lives on a separate server... so CFINCLUDE isn't an option.

And, as I said, it's not really a form/action page situation. I'm CFHTTP'ing to a page... I really have no intention for the action page to ever be visible.


Ended up moving the page I'm submitting to behind a protected directory and using the username/password attributes for CFHTTP. I do wish there was a convenient way to hide username/password, though, in the code for the submitting page. But for the time being, it works fine.



-Carl
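
The check that the thread settles on, as an added example that is not part of the original posts: the receiving side trusts a POST only when it carries the shared Basic credentials, and ignores the Referer header and any form-name field, since the caller controls both. It is written in Python rather than CFML so it runs stand-alone; the environment variable names, the function names and the sample values are assumptions made for the illustration.

```python
import base64
import hmac
import os


def load_credentials(env=os.environ):
    """Read the expected username/password from the environment
    (hypothetical variable names) so they are not hard-coded in the page."""
    return env["POSTER_USER"], env["POSTER_PASS"]


def parse_basic_auth(header):
    """Return (user, password) from an 'Authorization: Basic ...' value, else None."""
    if not header:
        return None
    scheme, _, encoded = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def is_trusted_post(headers, form, expected):
    """Accept the POST only if it carries the shared credentials.
    'form' and the Referer header are deliberately never consulted."""
    creds = parse_basic_auth(headers.get("Authorization"))
    if creds is None:
        return False
    # Constant-time comparison avoids leaking how much of a guess matched.
    user_ok = hmac.compare_digest(creds[0].encode(), expected[0].encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), expected[1].encode())
    return user_ok and pass_ok


def basic_header(user, password):
    """Header the posting side sends; CFHTTP's username/password
    attributes produce the same Basic Authorization header."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

Basic credentials are only base64-encoded on the wire, so the post between the two servers should go over HTTPS.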
 