On 3/29/07, cajbecu <[EMAIL PROTECTED]> wrote:
> > <? > if($_POST && eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) { > // This is a safe POST > } elseif(!eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) { > die("Illegal access. Your IP has been logged.\n"); > } > ?> >it is not safe. i can use curl (www.php.net/curl) and modify the referer of my script to pass this security check. i advise you to add image code to the form and check that in your script. that will stop the attackers insert lot of data in your database.
You need a really good code to make it really secure :) I've discussed the problems with using image code (CAPTCHA) in another post on this list. So then you would create a script of 100+ lines to do it :) And even then, some smart programmers are probably going to find a way to read your image code :) Tijnema
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
