securly passing user data from a form to session variables

alpha_juno

Hi guys, I was wondering if any of you knew a secure method to pass user data from a form to session variables.

I wish to collect data from a user form on my first page. Register this data as session variables to use through the rest of my application.

If i use a 2 page technique (page1 = form (POST) - page 2 = register session variables) surely this is vunerable to injections. I have code that will verify http referrer headers before execution but i believe this is also not that secure as the referrers can also be spoofed, is that correct?

If i use a 1 page php_self technique is this also vunerable to injections?

Any help/thoughts would be really appreciated.

Cheers,

Jim;]

thorpe

Of course its vulnerable to injections, but there is no other way. depending on what kind of data it is, and how secure it really needs to be you might consider using a https connection.

Page to Another page, or Page back to itself makes no difference. They are both requests.

alpha_juno

Thanks for the reply thorpe. That is what I was beggining to think, so thanks for re affirming it. I think I will use https as the application is for managing and creating new email accounts on a server. It's not super sensitive data I just wondered if there was a 100% secure method and if so would adopt it on all my future programming. I had been reading about confirming the IP address preceeding page/referrer but I'm guessing this can be spoofed also?