If you want to check where your submit is coming from, then you need to
check the REFERER url..... do so by using the global $HTTP_REFERER
variable.


global $HTTP_REFERER;

if($HTTP_REFERER == "YOUR_FORM_PAGE_HERE")
{
    //PROCESS CODE.
}
else
{
    echo"Your a hacker, so BITE ME!!!";
}




----- Original Message -----
From: "Plutarck" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 03, 2001 7:58 PM
Subject: [PHP] Sneaky solution


> > How do you check to make sure that any
> > form submissions originate from your site?
>
> You basically can't.
>
> ...well that was easy ;)
>
>
> All you can do is assume that every single piece of data sent from the
> client is an attempt to screw up your application. After stripping
> non-valid characters and using strlen to ensure the data is of a valid
> size, there isn't much you can do. But if you know ahead of time that the
> date should _NOT_ be 1998, just encode such a validator.
>
>
> But if you want to be really sneaky, make something like this:
>
> value1=vally|val2=vooly
>
> Then run it through some encryption feature or a home-brewed scrambler,
> and make the whole thing one single "hidden" value.
>
> In your script you decode it, split it apart into proper variables, and
> continue along as normal.
>
>
> Still not fool proof, but I use it when I have no other better method. And
> it basically thwarts 99% of casual tinkerers, and an equal amount of
> script kiddies, and it allows you to be really creative in your data
> validation, plus you can screw with people's heads...which of course is
> the most important function ;)
>
>
>
> --
> Plutarck
> Should be working on something...
> ...but forgot what it was.
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
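
Both approaches in this thread rest on data the client supplies: the Referer header and the hidden form value alike. As an added example (not part of either message), the packed `value1=vally|val2=vooly` string can carry an HMAC-SHA256 tag so the server detects edits; this swaps the suggested encryption or scrambler for a keyed MAC, and the function names and `DEMO_KEY` are hypothetical.

```php
<?php
// Added example (assumes PHP 7.1+). DEMO_KEY is a constructed placeholder;
// a real deployment would load a random secret kept only on the server.
const DEMO_KEY = 'constructed-demo-key';

// Pack fields as "name=value|name=value", the layout quoted in the message.
function pack_fields(array $fields): string
{
    $pairs = [];
    foreach ($fields as $name => $value) {
        // Escape '|' and '=' inside names and values so framing stays intact.
        $pairs[] = rawurlencode((string) $name) . '=' . rawurlencode((string) $value);
    }
    return implode('|', $pairs);
}

// Build the hidden-field value: base64(payload) . "." . HMAC-SHA256 tag.
function sign_hidden(array $fields, string $key): string
{
    $payload = base64_encode(pack_fields($fields));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the fields, or null when the value is malformed or was modified.
function verify_hidden(string $hidden, string $key): ?array
{
    $parts = explode('.', $hidden);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $tag] = $parts;
    // hash_equals compares in constant time; check the tag before decoding.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $tag)) {
        return null;
    }
    $fields = [];
    foreach (explode('|', (string) base64_decode($payload, true)) as $pair) {
        if (strpos($pair, '=') === false) {
            continue;
        }
        [$name, $value] = explode('=', $pair, 2);
        $fields[rawurldecode($name)] = rawurldecode($value);
    }
    return $fields;
}

$hidden = sign_hidden(['value1' => 'vally', 'val2' => 'vooly'], DEMO_KEY);
var_dump(verify_hidden($hidden, DEMO_KEY));
// Simulate a client editing the hidden field before submitting the form.
var_dump(verify_hidden('X' . substr($hidden, 1), DEMO_KEY));
```

The tag makes edits detectable but does not hide the values or stop a captured value from being resubmitted; include a session identifier or expiry among the signed fields if that matters.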

