Read POST only by script from MY domain
02-15-2006, 06:21 PM
How to make my script check if
come from within my domain
(if not - the script should exit)
The best way to do this would be to set a $_SESSION variable when you output the form, and check for it (and then unset it) when you come to do the form processing.
Anything of the form $_SERVER['HTTP_XXX'] can be spoofed, so shouldn't be relied upon.
Really though, you should really be sanitising the $_POST array regardless of where it comes from, so checking shouldn't really be necessary.
 to realise that I'm not convinced my 1st paragraph (which is essentially the same as the post that follows this) would actually work... will have a think :|
02-15-2006, 07:14 PM
You can use $_SERVER['HTTP_REFERER'] but it can be changed by the client side. The best way to do it is to set something in a db whenever the user is on a page that can call a form, then allow them to send the post and wipe the db when they have posted the info.
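
The session-variable approach from the first reply, as an added example that is not part of the thread: a random one-time token is stored in the session when the form is output, then checked and unset when the POST is processed. The function names and the `form_token` key are hypothetical, and the session is passed in as an array so the sketch runs from the command line.

```php
<?php
// Added example: one-time form token kept in the session.
// Function names and the 'form_token' key are hypothetical, not from the thread.

// Call when outputting the form; embed the returned value in a hidden field.
function issue_form_token(array &$session): string
{
    $token = bin2hex(random_bytes(32)); // unpredictable, 64 hex characters
    $session['form_token'] = $token;
    return $token;
}

// Call when processing the POST. The stored token is unset before the
// comparison, so it is single-use whether the check passes or fails.
function consume_form_token(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? null;
    unset($session['form_token']);
    $supplied = $post['form_token'] ?? null;
    if (!is_string($expected) || !is_string($supplied)) {
        return false; // no form was issued, or no token came back
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed demonstration. In a real page, call session_start()
// and pass $_SESSION and $_POST instead of these arrays.
$session = [];
$token = issue_form_token($session);
printf(
    "<input type=\"hidden\" name=\"form_token\" value=\"%s\">\n",
    htmlspecialchars($token, ENT_QUOTES)
);

$legit  = ['form_token' => $token, 'comment' => 'hello'];
$forged = ['comment' => 'posted from a form on another site'];

var_dump(consume_form_token($session, $legit));  // first submission
var_dump(consume_form_token($session, $legit));  // replay of the same token
issue_form_token($session);                      // form is shown again
var_dump(consume_form_token($session, $forged)); // POST without a token
```

This rejects a POST sent by a form hosted elsewhere that never loaded your page; a client that first requests the form still receives a valid token, so the input sanitising mentioned in the first reply is still required.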