> How do you check to make sure that any
> form submissions originate from your site?
You basically can't.
...well that was easy ;)
All you can do is assume that every single piece of data sent from the
client is an attempt to screw up your application. After stripping non-valid
characters and using strlen to ensure the data is of a valid size, there
isn't much you can do. But if you know ahead of time that the date should
_NOT_ be 1998, just encode such a validator.
But if you want to be really sneaky, make something like this:
value1=vally|val2=vooly
Then run it through some encryption feature or a home-brewed scrambler, and
make the whole thing one single "hidden" value.
In your script you decode it, split it apart into proper variables, and
continue along as normal.
Still not foolproof, but I use it when I have no other better method. And
it basically thwarts 99% of casual tinkerers, and an equal amount of script
kiddies, and it allows you to be really creative in your data validation,
plus you can screw with people's heads...which of course is the most
important function ;)
--
Plutarck
Should be working on something...
...but forgot what it was.
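
An added example, not part of the original post: it swaps the home-brewed scrambler for a keyed HMAC (PHP's hash_hmac and hash_equals), so the server detects any change to the packed hidden value instead of relying on it being hard to read. The key, the field names and the "state" input name are assumptions made for illustration.

```php
<?php
// Added example: the key and field names below are constructed for illustration.
// The key must stay on the server and never be sent to the client.
const FORM_KEY = 'replace-with-a-long-random-server-side-secret';

// Pack fields into one opaque value: base64(payload) . '.' . hex HMAC-SHA256.
function pack_hidden(array $fields, string $key): string
{
    $payload = http_build_query($fields);       // value1=vally&val2=vooly
    $mac = hash_hmac('sha256', $payload, $key);
    return base64_encode($payload) . '.' . $mac;
}

// Return the decoded fields, or null if the value is malformed or was altered.
function unpack_hidden(string $token, string $key): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    $payload = base64_decode($parts[0], true);  // strict: reject foreign characters
    if ($payload === false) {
        return null;
    }
    $expected = hash_hmac('sha256', $payload, $key);
    if (!hash_equals($expected, $parts[1])) {   // constant-time comparison
        return null;
    }
    parse_str($payload, $fields);
    return $fields;
}

// When rendering the form:
$token = pack_hidden(['value1' => 'vally', 'val2' => 'vooly'], FORM_KEY);
echo '<input type="hidden" name="state" value="', htmlspecialchars($token), '">', "\n";

// When handling the submission:
var_dump(unpack_hidden($token, FORM_KEY));      // the original two fields

// A value edited on the client no longer matches its MAC:
$tampered = 'A' . substr($token, 1);
var_dump(unpack_hidden($tampered, FORM_KEY));   // NULL
```

The packed values remain readable to anyone who base64-decodes them, and an unmodified token can still be resubmitted, so the decoded fields need the same validation as any other client data.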
--
PHP General Mailing List (http://www.php.net/)