2015-05-02, 01:20 AM
Well basically, I've created a new form using PHP, and HTML. This form basically queries the values of what's entered into the textbox. I've done this by using a form action. Once the submit button is pressed, it's set to echo "1 record has been added". I'm slightly concerned however. The form action page holds the db connector info. Directly accessing the form action file is what I'm concerned about as it's possible, and still echos "1 record has been added", and queries with just with empty values.
Is there any workaround to preventing the direct access to the form action file? Or is there another way I would have to code this?
My concern is by directly accessing the form action file, does this not make the db connector info exposed? My alternative was to follow how MyBB has handled their queries, and handle the query as a usercp.php?action= but I haven't done this before. I have also tried the .htaccess'ing the file, however this blocks the form script also from accessing it.
Any suggestions?
Is there any workaround to preventing the direct access to the form action file? Or is there another way I would have to code this?
My concern is by directly accessing the form action file, does this not make the db connector info exposed? My alternative was to follow how MyBB has handled their queries, and handle the query as a usercp.php?action= but I haven't done this before. I have also tried the .htaccess'ing the file, however this blocks the form script also from accessing it.
Any suggestions?