>There is no substitute for good data verification such as strip_tags() or
>some regular expressions to limit valid input. I also would recomend
>checking the referrer to be sure someone doesn't hijack you form and try to
>modify it and submit it from a remote location. Here is an example:
>if (validReferrer() === false)
> die("invalid referrer");
>function validReferrer()
> $_valid_referrers =
> $referer = str_replace('//', '/', $_SERVER['HTTP_REFERER']);
> $ref = explode('/', $referer);
> if ( in_array($ref[1], $_valid_referrers) )
>  return true;
> else
>  return false;

That is a good idea.
$_SERVER['HTTP_REFERER'] is the web server identifier, right?
My web server is from the internal LAN.
I am hesitant to allow HTTP_REFERERs from because it seems to me that it 
would be easy enough to configure a strange box
to imitate
Can I somehow check that the HTTP_REFERER = localhost?

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to