You're checking with JavaScript, correct? If so, try checking server-side too.

Pag wrote:


Been having some hacker problems on my site, and a simple one:


I have a shoutbox, a simple form with name and text that adds lines to the database. I do checks for insults, too long words, tags, etc., but it's still possible to circumvent those checks by adding the data on the URL instead of using the form. Something like:

www.domain.com/shoutb.php?name=hacker&text=generalnonsenseandbadwords

To prevent this, I tried tracing the http_referral so that only data from inside the site goes into the shoutbox. The problem is that if you do that URL above after visiting my site, the http_referral obviously thinks it's coming from inside the site. :-P
How can I solve this? Is there any way to prevent data adding from outside? Maybe some invisible check on the form or something?


Thanks.

Pag




-- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law.




-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
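
The server-side check suggested in the reply, as an added example that is not part of the original thread: the handler accepts only POST, requires a per-session token carried in a hidden form field, and repeats the insult, word-length and tag checks on the server. The function names, field names, limits and word list are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Function and field names, the
// limits and the word list are assumptions made for illustration.
const MAX_WORD_LEN = 20;
const BAD_WORDS = ['badword1', 'badword2'];   // constructed sample list
// One random token per session; the form carries it in a hidden field.
function shout_token(array &$session): string {
    if (empty($session['shout_token'])) {
        $session['shout_token'] = bin2hex(random_bytes(32));
    }
    return $session['shout_token'];
}
// Returns error strings; an empty array means the shout may be stored.
function validate_shout(string $method, array $post, string $expected): array {
    if ($method !== 'POST') {
        return ['only POST is accepted'];      // data placed on the URL is refused
    }
    $token = $post['token'] ?? '';
    if (!is_string($token) || !hash_equals($expected, $token)) {
        return ['missing or wrong form token'];
    }
    $errors = [];
    foreach (['name', 'text'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            $errors[] = "$field is required";
            continue;
        }
        if ($value !== strip_tags($value)) {
            $errors[] = "$field contains tags";
        }
        foreach (preg_split('/\s+/', trim($value)) as $word) {
            if (strlen($word) > MAX_WORD_LEN) {
                $errors[] = "$field has an over-long word";
            }
            if (in_array(strtolower($word), BAD_WORDS, true)) {
                $errors[] = "$field contains a blocked word";
            }
        }
    }
    return $errors;
}

// shoutb.php: session_start(), then validate_shout($_SERVER['REQUEST_METHOD'], $_POST, shout_token($_SESSION)).
// Constructed requests showing the outcomes:
$session = [];
$tok = shout_token($session);
var_dump(validate_shout('GET', ['name' => 'hacker', 'text' => 'x'], $tok));
var_dump(validate_shout('POST', ['name' => 'Pag', 'text' => 'hi', 'token' => $tok], $tok));
```

The token ties a submission to a form the site itself served in that session, which the Referer header cannot do because the client sets it. The content checks run on every request regardless of how it was produced, so they hold even when the form and its JavaScript are bypassed.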


