Say I have a page that requires to be directed to two different pages of processing for whatever reason.
So a user submits a form on page A, which takes them to page A.post, which then takes them to page A.complete, which finally redirects them to page A with the information submitted.
A.post and A.complete are pure php, where database magic is happening and the user would normally never go there, and if they were to go directly to A.post or A.complete they would be presented with a blank page.
Say A.post sends A.complete data via the query string, in $_GET. Is it possible for a user to somehow go to A.post to see those GET var’s either while the redirect is taking place, or via looking at their page history?
Hope I’ve been clear, cheers!
May I ask why this isn’t done “behind the scenes” and A.post doesn’t just
include('A.complete');?Any time you redirect you have the chance of a mis-step, user intervention, or hacking of headers (unintended input).
Keep whatever logic you need on the server and out of client reach. Unless there’s a realy good reason to switch pages (maybe this is a domain transfer) I would keep all your processing on one page. If you DO need to switch, make sure you have some form of a check-step so user-intervention isn’t even a question.
p.s. Your immediate answer is YES. (Firefox has control+shift+K as I’m sure a lot of browsers provide either directly now (or by some form of plugin).)