Does anyone know how to make sure that all variables are submitted locally instead of someone doing a hack by providing fake variables in the URL?
Use $_POST['varname']; then the variable must come in from a form with the POST method, but it's still spoofable.
Is there any way for it not to be spoofable?
I don't want people to be able to submit values that aren't part of my programming.
http://mysite.com?INFO=blah&cute-hack&cuter-hack
and so on.
Make sure register globals are off, and don't use any $_GET's, so your code won't acknowledge them...
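Reading only from $_POST, as suggested in the replies above, still leaves every submitted value under the client's control, so the server has to check each field itself. The following is an added example, not part of the original thread, of an allow-list check that rejects non-POST requests, unexpected field names and invalid values; the field names and rules are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: the only fields this form is programmed to accept,
// each mapped to the server-side rule its value must pass.
const ALLOWED_FIELDS = [
    'INFO'     => 'is_valid_info',
    'quantity' => 'is_valid_quantity',
];

function is_valid_info(string $v): bool
{
    // Letters, digits and spaces only, 1 to 40 characters.
    return preg_match('/\A[A-Za-z0-9 ]{1,40}\z/', $v) === 1;
}

function is_valid_quantity(string $v): bool
{
    return filter_var($v, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99]]) !== false;
}

/** Returns ['ok' => bool, 'data' => array, 'errors' => array]. */
function validate_submission(string $method, array $post): array
{
    if ($method !== 'POST') {
        return ['ok' => false, 'data' => [], 'errors' => ['method must be POST']];
    }
    $errors = [];
    // Any key that is not on the allow-list is rejected, not silently ignored.
    foreach (array_keys(array_diff_key($post, ALLOWED_FIELDS)) as $extra) {
        $errors[] = "unexpected field: $extra";
    }
    $data = [];
    foreach (ALLOWED_FIELDS as $name => $rule) {
        $value = $post[$name] ?? null;
        // is_string() also rejects array values such as INFO[]=x.
        if (!is_string($value) || !$rule($value)) {
            $errors[] = "missing or invalid field: $name";
            continue;
        }
        $data[$name] = $value;
    }
    $ok = $errors === [];
    return ['ok' => $ok, 'data' => $ok ? $data : [], 'errors' => $errors];
}

// Constructed sample requests; a real handler passes $_SERVER['REQUEST_METHOD'] and $_POST.
var_dump(validate_submission('POST', ['INFO' => 'blah', 'quantity' => '3'])['ok']);
var_dump(validate_submission('POST', ['INFO' => 'blah', 'cute-hack' => '1'])['errors']);
var_dump(validate_submission('GET', [])['errors']);
```

The query string is never consulted here, so parameters appended to the URL have no effect on what the handler accepts.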